Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1...
-
Upload
florence-stevenson -
Category
Documents
-
view
217 -
download
0
Transcript of Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1...
![Page 1: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/1.jpg)
Network Infrastructure Configuration for MAB Port Configuration
Interface fastethernet 0/1description Trustsec:802.1X+MAB+MultiAuthswitchport access vlan 10switchport mode accessswitchport voice vlan 40ip access-group ACL-ALLOW inauthentication event fail action next-method authentication event server dead action authorize vlan 10 authentication event server alive action reintializeauthentication host-mode multi-authauthentication openauthentication order mab dot1xauthentication priority dot1x mabauthentication port-control autoauthentication violation restrictmabdot1x pae authenticatorspanning-tree portfast
![Page 2: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/2.jpg)
Network Infrastructure Configuration for MAB Port Configuration
switchport access vlan 10
The default vlan identified here can be overridden by a profile
Back
![Page 3: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/3.jpg)
Network Infrastructure Configuration for MAB Port Configuration
ip access-group ACL-ALLOW in
This access list specifies what traffic is allowed on the port prior to a succesful 802.1x authentication
Back
![Page 4: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/4.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication event fail action next-method
This commands identifies what should take place after an authentication failure.This command may be useful in circumstances where you want host to failover to MAB if an 802.1x authentication has failed.
Back
![Page 5: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/5.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication event server dead action authorize vlan 10
If the RADIUS server is dead and cannot be contacted then the action in this Example to authorize the port into vlan 10.
Back
![Page 6: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/6.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication event server alive action reintialize
On the Radius server becoming active and accessible, reinitialize authenticationon the port.
Back
![Page 7: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/7.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication host-mode multi-auth
The options available for this command are multi-auth and single.
With multi-auth as shown a wireless access point or hub can be attached to theswitch port and individual multiple hosts can be authorized against the port
In single mode only one of the attached clients must be authorized for all theclients to be granted network access. If the orginal authorized client leaves the port then all those previously authorized clients will be logged off.
Can be used in conjunction with switchport security to limit access to configuredmac addresses.
Multi-ath checks each session.
Back
![Page 8: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/8.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication open
To allow network traffic prior to a succesful 802.1x authentication
It is a good idea to use this command in conjunction with a restrictive ACL.
Back
![Page 9: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/9.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication order mab dot1x
The switch port will attempt MAB authentication before 802.1x. You may wantto revise this order if the bulk of endpoints are 802.1x doing so will reducedelays.
Back
![Page 10: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/10.jpg)
authentication priority dot1x mab
Network Infrastructure Configuration for MAB Port Configuration
Allthough MAB may be configured first, if the endpoint is also capable of 802.1xAs well then 802.1x authentication will take priority over MAB
By default the priority changes when the order is changed.
Back
![Page 11: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/11.jpg)
Network Infrastructure Configuration for MAB Port Configuration
authentication port-control auto
Options include :-
Forced Un-authorized
Forced Authorized
Auto
Back
![Page 12: Network Infrastructure Configuration for MAB Port Configuration Interface fastethernet 0/1 description Trustsec:802.1X+MAB+MultiAuth switchport access.](https://reader036.fdocuments.us/reader036/viewer/2022082518/56649ea45503460f94ba91ad/html5/thumbnails/12.jpg)
Network Infrastructure Configuration for MAB Port Configuration
dot1x pae authenticator
Enables 802.1X authentication on the interface, and sets the port personality toauthenticator.
pae = Port Access Enitity
Back