Volume 1 – Lab 2
IPexpert CCIE R&S Detailed Solutions Guide
A quick check: Cat2(config)#do sh dot1x all Sysauthcontrol Enabled Dot1x Protocol Version 2 Critical Recovery Delay 100 Critical EAPOL Disabled Dot1x Info for FastEthernet0/6 ----------------------------------PAE = AUTHENTICATOR PortControl = FORCE_AUTHORIZED ControlDirection = Both HostMode = SINGLE_HOST ReAuthentication = Disabled QuietPeriod = 60 ServerTimeout = 30 SuppTimeout = 30 ReAuthPeriod = 3600 (Locally configured) ReAuthMax = 2 MaxReq = 2 TxPeriod = 30 RateLimitPeriod = 0
2.11
Configure Fa0/18 on Cat2 to check to see if the client connected is capable of 802.1x authentications.
Just like we looked at above, there are three modes, but now we are asked to "see" whether the host is capable. While there is no query option, if we send out an EAP beacon and there is no response, that's a simple way to determine they weren't capable and not let them on. (More to come in other labs with some additional security steps or details to add in here, but for now, keep things simple.) Cat2 int Fa0/18 switchport mode access dot1x port-control auto
56
Copyright © 2010 by IPexpert, Inc. All Rights Reserved.
v1500