Controlling 802.1X Authentication on an Interface
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2
aaa authentication dot1x default group group-list
Example:
switch(config)# aaa authentication dot1x default
group rad2
Step 3
exit
Example:
switch(config)# exit
switch#
Step 4
(Optional) show radius-server
Example:
switch# show radius-server
Step 5
(Optional) show radius-server group [group-name]
Example:
switch# show radius-server group rad2
Step 6
(Optional) copy running-config startup-config
Example:
switch# copy running-config startup-config
Controlling 802.1X Authentication on an Interface
You can control the 802.1X authentication performed on an interface. An interface can have the following
802.1X authentication states:
Auto
Force-authorized
Force-unauthorized
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
188
Enables 802.1X authentication on the interface.
Disables 802.1X authentication on the interface and allows all traffic on the interface without
authentication. This state is the default.
Disallows all traffic on the interface.
Purpose
Enters global configuration mode.
Specifies the RADIUS server groups to use for 802.1X
authentication.
The group-list argument consists of a space-delimited list
of group names. The group names are the following:
• radius—Uses the global pool of RADIUS servers for
authentication.
• named-group —Uses the global pool of RADIUS
servers for authentication.
Exits configuration mode.
Displays the RADIUS server configuration.
Displays the RADIUS server group configuration.
Copies the running configuration to the startup
configuration.
Configuring 802.1X