Hi Guys!
I was assigned to a team that has to configure dot1x on a company's switches. My main domain is routing and switching only, but I have done some research about the command usage.
Here's the template I got from the PM (port only):
-----------------
interface range fastEthernet 0/1-24
switchport access vlan X (Data)
switchport mode access
switchport voice vlan Y (Voice)
authentication event fail action next-method
authentication event server dead action authorize vlan X (Data) (Same Vlan X in the switchport access vlan X command)
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
-----------------
Let me explain the commands with my understanding first.
The commands:
-----------------
authentication host-mode multi-domain
authentication event fail action next-method
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
-----------------
This is a port which has a computer with an IP phone attached to it. The order of authentication is dot1x, MAC address, webauth, and the last line enables dot1x on the port.
Now these are the commands that I think I don't fully understand; it would be great if you guys could help me clarify them:
The commands:
-----------------
authentication event server dead action authorize vlan X (Data)
authentication event server dead action authorize voice
authentication event server alive action reinitialize
mab
dot1x pae authenticator
-----------------
When the RADIUS servers are dead, the voice device will be placed in the voice VLAN from the command in the interface configuration, and the computer will be placed in the data VLAN from the switchport access command. Users start authenticating to the RADIUS server when the servers are up again.
What do the mab and dot1x pae authenticator do?
In this configuration, I don't see the commands that help the PC and IP phone authenticate to the RADIUS server or talk with ISE when the servers are up, but when I use the config, everything works fine. Am I missing something?
I hope you guys can help me.
Many thanks!
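An added example, not part of the original post: a small Python check that the lines of the port template above agree with each other (each method in `authentication order` has its enabling line, and the server-dead VLAN equals the access VLAN, as the template notes). The VLAN numbers 10 and 20 stand in for X and Y, and the pairing rules in `lint_port` are this example's assumptions, not vendor validation logic.

```python
import re

# Constructed sample: the post's port template with X=10 (data) and Y=20 (voice).
SAMPLE = """\
interface range fastEthernet 0/1-24
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 20
 authentication event fail action next-method
 authentication event server dead action authorize vlan 10
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication order dot1x mab webauth
 authentication priority dot1x mab webauth
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
"""

def _find(pattern, lines):
    # First capture group of the first line that fully matches, else None.
    hits = [m.group(1) for l in lines if (m := re.fullmatch(pattern, l))]
    return hits[0] if hits else None

def lint_port(config):
    """Return a list of consistency findings for one interface block."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    order = (_find(r"authentication order (.+)", lines) or "").split()
    if "authentication port-control auto" not in lines:
        findings.append("port-control auto missing: port is not enforcing authentication")
    if "dot1x" in order and "dot1x pae authenticator" not in lines:
        findings.append("order lists dot1x but 'dot1x pae authenticator' is missing")
    if "mab" in order and "mab" not in lines:
        findings.append("order lists mab but 'mab' is not enabled on the port")
    access = _find(r"switchport access vlan (\S+)", lines)
    dead = _find(r"authentication event server dead action authorize vlan (\S+)", lines)
    if dead is not None and dead != access:
        findings.append(f"server-dead VLAN {dead} differs from access VLAN {access}")
    voice = _find(r"switchport voice vlan (\S+)", lines)
    if voice and "authentication event server dead action authorize voice" not in lines:
        findings.append("voice VLAN set but no server-dead 'authorize voice' action")
    return findings

if __name__ == "__main__":
    print(lint_port(SAMPLE) or "template is self-consistent")
```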