Documentation Updates
Command
Step 3
interface interface-id
Step 4
switchport mode access
Step 5
ip access-group access-list in
Step 6
ip admission rule
Step 7
end
Step 8
show running-config interface
interface-id
Step 9
copy running-config startup-config
This example shows how to configure only web authentication on a switch port:
Switch# configure terminal
Switch(config)# ip admission name rule1 proxy http
Switch(config)# interface gigabit1/0/1
Switch(config-if)# switchport mode access
Switch(config-if)# ip access-group policy1 in
Switch(config-if)# ip admission rule1
Switch(config-if)# end
Beginning in privileged EXEC mode, follow these steps to configure a switch port for IEEE 802.1x
authentication with web authentication as a fallback method:
Command
Step 1
configure terminal
Step 2
ip admission name rule proxy http
Step 3
fallback profile fallback-profile
Step 4
ip access-group policy in
Step 5
ip admission rule
Step 6
end
Step 7
interface interface-id
Step 8
switchport mode access
Step 9
dot1x port-control auto
Step 10
dot1x fallback fallback-profile
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later
22
Purpose
Specify the port to be configured, and enter interface configuration
mode.
Set the port to access mode.
Specify the default access control list to be applied to network traffic
before web authentication.
Apply an IP admission rule to the interface.
Return to privileged EXEC mode.
Verify your configuration.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
Define a web authentication rule.
Define a fallback profile to allow an IEEE 802.1x port to
authenticate a client by using web authentication.
Specify the default access control list to apply to network traffic
before web authentication.
Associate an IP admission rule with the profile, and specify that
a client connecting by web authentication uses this rule.
Return to privileged EXEC mode.
Specify the port to be configured, and enter interface
configuration mode.
Set the port to access mode.
Enable IEEE 802.1x authentication on the interface.
Configure the port to authenticate a client by using web
authentication when no IEEE 802.1x supplicant is detected on the
port. Any change to the fallback-profile global configuration takes
effect the next time IEEE 802.1x fallback is invoked on the interface.
Web authorization cannot be used as a fallback method
Note
for IEEE 802.1x if the port is configured for multidomain
authentication.
OL-8918-03