Configure 802.1X Transparent Transmission Mode
Network Requirements
- The PC connects through Device1 to Device2, which has 802.1X access control enabled, and through Device2 to the IP network.
- Device1 has the 802.1X transparent transmission function enabled; Device2 uses the RADIUS authentication mode.
- After passing authentication, the PC can access the IP network.
Network Topology
Figure 12-8 Networking of configuring the 802.1X transparent transmission mode
Configuration Steps
Step 1: Configure the link type of VLAN and interface on Device2.
#Create VLAN2–VLAN3 on Device2.
Device2#configure terminal
Device2(config)#vlan 2-3
Device2(config)#exit
#Configure the link type of interface gigabitethernet 0/1 as Access, permitting services of VLAN2 to pass.
Device2(config)#interface gigabitethernet 0/1
Device2(config-if-gigabitethernet0/1)#switchport mode access
Device2(config-if-gigabitethernet0/1)#switchport access vlan 2
Device2(config-if-gigabitethernet0/1)#exit
#Configure the port link type on gigabitethernet0/2–gigabitethernet0/3 of Device2 as Access, permitting the services of VLAN2–VLAN3 to pass. (Omitted)
Step 2: Configure the interface IP address of Device2.
#Configure the IP address of VLAN3 as 130.255.167.1/24.
Device2(config)#interface vlan 3
Device2(config-if-vlan3)#ip address 130.255.167.1 255.255.255.0
Device2(config-if-vlan3)#exit
Step 3: Configure the AAA authentication.
#Enable the AAA authentication on Device2, and adopt the RADIUS authentication mode. The server key is admin, the priority is 1, and the RADIUS server address is 130.255.167.167/24.
Device2(config)#domain system
Device2(config-isp-system)#aaa authentication dot1x radius-group radius
Device2(config-isp-system)#exit
Device2(config)#aaa server group radius radius
Device2(config-sg-radius-radius)#server 130.255.167.167 priority 1 key admin
Step 4: Configure the AAA server.
#Configure the user name, password, and key as admin on the AAA server. (Omitted)
Step 5: Configure the port VLAN of Device1.
#Configure the port link type on gigabitethernet0/1-gigabitethernet0/2 of Device1 as Access, permitting the services of VLAN2 to pass. (Omitted)
Step 6: Enable the 802.1X transparent transmission function on Device1.
#Enable the 802.1X transparent transmission mode on gigabitethernet0/1 of Device1 and set gigabitethernet0/2 as the uplink port.
Device1(config)#interface gigabitethernet 0/1
Device1(config-if-gigabitethernet0/1)#dot1x eapol-relay enable
Device1(config-if-gigabitethernet0/1)#dot1x eapol-relay uplink interface gigabitethernet 0/2
Device1(config-if-gigabitethernet0/1)#exit
Step 7: Configure the 802.1X authentication mode on Device2.
#Enable 802.1X authentication on gigabitethernet0/1 and set the port authentication mode to Portbased.
Device2(config)#interface gigabitethernet 0/1
Device2(config-if-gigabitethernet0/1)#dot1x port-control enable
Device2(config-if-gigabitethernet0/1)#authentication port-method portbased
Device2(config-if-gigabitethernet0/1)#exit
Step 8: Check the result.
#The PC user is authenticated successfully and can access the IP network.
Device2#show dot1x user
NO 1 : MAC_ADDRESS= 3883.45ef.7984 STATUS= Authorized USER_NAME= admin
VLAN= 2 INTERFACE= gi0/1 USER_TYPE= DOT1X
AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE IP_ADDRESS= Unknown
IPV6_ADDRESS= Unknown
Online time: 0 week 0 day 0 hours 0 minute 51 seconds
Total: 1 Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0
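
The Step 8 check can be scripted when many ports have to be verified. The following is an added example, not part of the original guide or the vendor's tooling: it parses captured `show dot1x user` output and reports sessions that are not authorized or that sit on an unexpected VLAN or interface. The function names are hypothetical, the field layout is assumed from the single sample above, and the expected VLAN and interface default to the values configured in this section.

```python
import re

# Constructed sample: the Step 8 output as shown in this section.
SAMPLE = """\
NO 1 : MAC_ADDRESS= 3883.45ef.7984 STATUS= Authorized USER_NAME= admin
VLAN= 2 INTERFACE= gi0/1 USER_TYPE= DOT1X
AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE IP_ADDRESS= Unknown
IPV6_ADDRESS= Unknown
Online time: 0 week 0 day 0 hours 0 minute 51 seconds
Total: 1 Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0
"""

FIELD = re.compile(r"([A-Z0-9_]+)=\s*(\S+)")   # "KEY= value" pairs
RECORD = re.compile(r"^NO\s+\d+\s*:")          # start of a user entry
TOTALS = re.compile(r"^Total:\s*(\d+)\s+Authorized:\s*(\d+)")

def parse_dot1x_users(text):
    """Return (sessions, totals); sessions is a list of KEY->value dicts."""
    sessions, totals = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TOTALS.match(line)
        if m:
            totals = {"total": int(m.group(1)), "authorized": int(m.group(2))}
            continue
        if RECORD.match(line):
            sessions.append({})
        if sessions:  # continuation lines belong to the latest entry
            sessions[-1].update(FIELD.findall(line))
    return sessions, totals

def audit(text, expected_vlan="2", expected_if="gi0/1"):
    """Return a list of findings; an empty list means the check passed."""
    sessions, totals = parse_dot1x_users(text)
    findings = []
    for s in sessions:
        who = s.get("MAC_ADDRESS", "?")
        if s.get("STATUS") != "Authorized" or s.get("AUTH_STATE") != "AUTHENTICATED":
            findings.append(f"{who}: not authorized ({s.get('STATUS')}/{s.get('AUTH_STATE')})")
        if s.get("VLAN") != expected_vlan:
            findings.append(f"{who}: VLAN {s.get('VLAN')}, expected {expected_vlan}")
        if s.get("INTERFACE") != expected_if:
            findings.append(f"{who}: on {s.get('INTERFACE')}, expected {expected_if}")
    authorized = sum(s.get("STATUS") == "Authorized" for s in sessions)
    if totals != {"total": len(sessions), "authorized": authorized}:
        findings.append("summary line missing or inconsistent with parsed sessions")
    return findings
```

Calling `audit(SAMPLE)` on the output above returns an empty list; any returned strings name the MAC address and the field that failed the check.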