IEEE 802.1X (packetlife.net)

802.1X Header

  Version (1 byte) | Type (1 byte) | Length (2 bytes) | EAP (payload)

EAP Header

  Code (1 byte) | Identifier (1 byte) | Length (2 bytes) | Data

EAP Flow Chart

  Supplicant <-> Authenticator (EAP)   Authenticator <-> Authentication Server (RADIUS)
  Identity Request
  Identity Response                    Access Request
  Challenge Request                    Access Challenge
  Challenge Response                   Access Request
  Success                              Access Accept

Terminology

  Extensible Authentication Protocol (EAP)
    A flexible authentication framework defined in RFC 3748
  EAP Over LANs (EAPOL)
    EAP encapsulated by 802.1X for transport across LANs
  Supplicant
    The device (client) attached to an access link that requests authentication by the authenticator
  Authenticator
    The device that controls the status of a link; typically a wired switch or wireless access point
  Authentication Server
    A backend server which authenticates the credentials provided by supplicants (for example, a RADIUS server)
  Guest VLAN
    Fallback VLAN for clients not 802.1X-capable
  Restricted VLAN
    Fallback VLAN for clients which fail authentication

802.1X Packet Types

  0  EAP Packet
  1  EAPOL-Start
  2  EAPOL-Logoff
  3  EAPOL-Key
  4  EAPOL-Encap-ASF-Alert

EAP Codes

  1  Request
  2  Response
  3  Success
  4  Failure

EAP Req/Resp Types

  1    Identity
  2    Notification
  3    Nak
  4    MD5 Challenge
  5    One Time Password
  6    Generic Token Card
  254  Expanded Types
  255  Experimental

Interface Defaults

  Max Auth Requests   2
  Reauthentication    Off
  Quiet Period        60s
  Reauth Period       1hr
  Server Timeout      30s
  Supplicant Timeout  30s
  Tx Period           30s

Port-Control Options

  force-authorized
    Port will always remain in authorized state (default)
  force-unauthorized
    Always unauthorized; authentication attempts are ignored
  auto
    Supplicants must authenticate to gain access

Configuration

  Global Configuration

    ! Define a RADIUS server
    radius-server host 10.0.0.100
    radius-server key MyRadiusKey
    ! Configure 802.1X to authenticate via AAA
    aaa new-model
    aaa authentication dot1x default group radius
    ! Enable 802.1X authentication globally
    dot1x system-auth-control

  Interface Configuration

    ! Static access mode
    switchport mode access
    ! Enable 802.1X authentication per port
    dot1x port-control auto
    ! Configure host mode (single or multi)
    dot1x host-mode single-host
    ! Configure maximum authentication attempts
    dot1x max-reauth-req
    ! Enable periodic reauthentication
    dot1x reauthentication
    ! Configure a guest VLAN
    dot1x guest-vlan 123
    ! Configure a restricted VLAN
    dot1x auth-fail vlan 456
    dot1x auth-fail max-attempts 3

Troubleshooting

  show dot1x [statistics] [interface <interface>]
  dot1x test eapol-capable [interface <interface>]
  dot1x re-authenticate interface <interface>

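The following parser is an added example, not part of the packetlife cheat sheet: it walks the 802.1X and EAP headers described above, maps the packet type, EAP code and EAP type bytes through the tables on this sheet, and rejects PDUs whose length fields disagree with the bytes actually present. The function names and the sample PDU byte strings are my own constructions, not captures from a real network.

```python
import struct

# Code tables as listed in the cheat sheet.
EAPOL_TYPES = {0: "EAP Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encap-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5 Challenge",
             5: "One Time Password", 6: "Generic Token Card",
             254: "Expanded Types", 255: "Experimental"}

def parse_eapol(frame: bytes) -> dict:
    """Parse one EAPOL PDU (bytes after the Ethernet header); length fields are
    checked against the bytes present so a truncated or inconsistent PDU raises
    ValueError rather than returning garbage."""
    if len(frame) < 4:
        raise ValueError("EAPOL header truncated")
    version, pkt_type, length = struct.unpack("!BBH", frame[:4])
    if pkt_type not in EAPOL_TYPES:
        raise ValueError(f"unknown 802.1X packet type {pkt_type}")
    body = frame[4:4 + length]
    if len(body) < length:
        raise ValueError("EAPOL length exceeds captured bytes")
    result = {"version": version, "type": EAPOL_TYPES[pkt_type], "length": length}
    if pkt_type != 0:
        return result  # EAPOL-Start, EAPOL-Logoff etc. carry no EAP header
    if length < 4:
        raise ValueError("EAP header truncated")
    code, identifier, eap_len = struct.unpack("!BBH", body[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if eap_len < 4 or eap_len > length:
        raise ValueError("EAP length inconsistent with EAPOL length")
    eap = {"code": EAP_CODES[code], "id": identifier, "length": eap_len}
    # Only Request/Response carry a Type byte and data; Success/Failure do not.
    if code in (1, 2) and eap_len >= 5:
        eap["type"] = EAP_TYPES.get(body[4], f"type {body[4]}")
        eap["data"] = body[5:eap_len]
    result["eap"] = eap
    return result

def is_well_formed(frame: bytes) -> bool:
    """True if parse_eapol accepts the PDU, False if it rejects it."""
    try:
        parse_eapol(frame)
        return True
    except ValueError:
        return False

# Constructed sample PDUs (not captured from a real network).
# EAP-Request/Identity, id 1: EAPOL v2 type 0 len 5; EAP code 1 id 1 len 5 type 1
IDENTITY_REQUEST = bytes.fromhex("020000050101000501")
# EAP-Response/Identity, id 1, carrying the identity "alice" (EAP length 10)
IDENTITY_RESPONSE = bytes.fromhex("0200000a0201000a01") + b"alice"
# EAPOL-Start from a supplicant: no EAP payload at all
EAPOL_START = bytes.fromhex("02010000")

if __name__ == "__main__":
    for pdu in (IDENTITY_REQUEST, IDENTITY_RESPONSE, EAPOL_START):
        print(parse_eapol(pdu))
```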
by Jeremy Stretch (v2.0)
