Posted by: manilageek | March 23, 2010

Configure switch interface for VMPS DOT1X authentication

PC (w/ Cisco Secure Services Client) ---- EdgeSwitch ---- ACS (TACACS) ---- DomainController

The edge switch interface configuration is shown below; it depends on the Cisco Catalyst switch model.

For Cisco Catalyst Switch 4500 series:

interface Fa1/1
switchport mode access
switchport voice vlan <Voice VLAN>
speed 100
duplex full
qos trust cos
authentication event no-response action authorize vlan <Guest VLAN>
authentication host-mode multi-host
authentication port-control auto
authentication timer reauthenticate 60
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x max-req 10
storm-control broadcast level 20.00
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
end

For Cisco Catalyst Switch 6500 series:

interface Fa1/1
switchport
switchport mode access
switchport voice vlan <Voice VLAN>
speed 100
duplex full
mls qos trust cos
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x timeout quiet-period 5
dot1x timeout reauth-period 60
dot1x max-req 10
dot1x guest-vlan <Guest VLAN>
storm-control broadcast level 20.00
spanning-tree portfast
spanning-tree bpduguard enable
end
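
An added example, not part of the original post: a Python check that audits interface blocks in either syntax above for the 802.1X settings this page configures. The sample config, the guest VLAN number and the finding labels are assumptions made for illustration. The two review findings reflect that multi-host mode opens the port to every attached device once one of them authenticates, and that the reauthentication timer only takes effect when periodic reauthentication is enabled (authentication periodic, or dot1x reauthentication in the older syntax).

```python
import re

# Constructed sample: Fa1/1 follows the page's 4500 syntax, Fa1/2 has no 802.1X.
SAMPLE = """\
interface Fa1/1
 authentication event no-response action authorize vlan 90
 authentication host-mode multi-host
 authentication port-control auto
 authentication timer reauthenticate 60
 dot1x pae authenticator
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Fa1/2
 spanning-tree portfast
"""

def parse_interfaces(text):
    """Return {interface name: [sub-commands]} from running-config text."""
    ports, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line in ("!", "end"):
            current = None          # block terminator
        elif line and current is not None:
            current.append(line)
    return ports

def audit(text):
    """Return {interface: [finding labels]}; the labels are hypothetical names."""
    report = {}
    for name, cmds in parse_interfaces(text).items():
        has = lambda pat: any(re.fullmatch(pat, c) for c in cmds)
        checks = [
            ("no-port-control-auto", not has(r"(authentication|dot1x) port-control auto")),
            ("no-pae-authenticator", not has(r"dot1x pae authenticator")),
            # multi-host: one successful authentication opens the port to all hosts
            ("multi-host", has(r"(authentication|dot1x) host-mode multi-host")),
            # the timer alone does nothing unless periodic reauth is enabled
            ("reauth-timer-without-periodic",
             has(r"(authentication timer reauthenticate|dot1x timeout reauth-period) \d+")
             and not has(r"authentication periodic|dot1x reauthentication")),
            ("portfast-without-bpduguard",
             has(r"spanning-tree portfast") and not has(r"spanning-tree bpduguard enable")),
        ]
        report[name] = [label for label, hit in checks if hit]
    return report
```

Call audit() on the text of a saved running-config; an empty list for a port means none of these checks fired.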
