How to configure 802.1X with AAA – Cisco Switch config

Below is a quick guide to 802.1X port-based authentication, using a RADIUS server for authentication.

– First, enable AAA

ALS1(config)#aaa new-model

– Configure the location of the RADIUS server

ALS1(config)#radius-server host 172.16.1.1 key abc123

– Then configure what needs authenticating and how to authenticate it. In this case dot1x, using RADIUS as the authentication method.

ALS1(config)#aaa authentication dot1x default group radius

– To globally enable dot1x (note this only “enables” the feature; each port still has to be configured, as shown next)

ALS1(config)#dot1x system-auth-control

– Next, configure the access port, or group of access ports, to use 802.1X to authenticate users against RADIUS. Note that IOS may not show the dot1x sub-commands if you haven’t configured the port as an access port.

ALS1(config)#int fa0/6

ALS1(config-if)#switchport mode access

ALS1(config-if)#dot1x port-control ?

auto PortState will be set to AUTO

force-authorized PortState set to Authorized

force-unauthorized PortState will be set to UnAuthorized

ALS1(config-if)#dot1x port-control auto

Auto

– Enables 802.1X port-based authentication

Force-authorized

– Disables 802.1X on the port; the port automatically transitions to the authorized state.

Force-unauthorized

– Causes the port to remain in the unauthorised state, effectively making the port useless.
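
To check that a switch config actually applies the steps above, the following added example (not part of the original guide) audits config text for the three global commands and reports access ports whose port-control mode is anything other than auto. The sample config, the `audit_dot1x` function name and the interface names are assumptions made for illustration; only the command syntax shown in this guide is recognised.

```python
# Constructed sample config text for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/5
 switchport mode access
!
interface FastEthernet0/6
 switchport mode access
 dot1x port-control auto
!
interface FastEthernet0/7
 switchport mode access
 dot1x port-control force-authorized
!
interface FastEthernet0/24
 switchport mode trunk
"""

GLOBAL_REQUIRED = (
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "dot1x system-auth-control",
)

def audit_dot1x(config):
    """Return (missing global commands, {access port: port-control problem})."""
    lines = config.splitlines()
    top_level = {l.strip() for l in lines if not l.startswith(" ")}
    missing = [g for g in GLOBAL_REQUIRED if g not in top_level]
    blocks, current = {}, None
    for line in lines:
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    findings = {}
    for name, sub in blocks.items():
        if "switchport mode access" not in sub:
            continue  # only access ports are checked
        mode = next((s.split()[-1] for s in sub
                     if s.startswith("dot1x port-control ")), None)
        if mode != "auto":
            findings[name] = mode or "not configured"
    return missing, findings
```

On the sample, Fa0/5 and Fa0/7 are reported, Fa0/6 passes, and the trunk port is skipped.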