
Cisco CCNA (640-553) Exam Security Training: Using the aaa authentication dot1x Command

In today’s article, I’m going to inform you about the Cisco IOS global configuration mode command named “aaa authentication dot1x”.

Network administrators (like you) use the “aaa authentication dot1x” command to specify one or more AAA methods for use on interfaces running IEEE 802.1X.

In other words, this command names the list of methods that the authentication algorithm tries, in the given sequence, to validate the password provided by the user. Currently, the only method that is truly “802.1x compliant” is the group radius method; this simply means that when a user needs to be authenticated, a RADIUS authentication server does it. If you choose the group radius method, make sure that the RADIUS server is configured with the global configuration command radius-server host.

Below is the command’s syntax:

Syntax: aaa authentication dot1x {default | listname} method1 [method2...]

As you can see, the aaa authentication dot1x command also uses the keywords “default” and “listname”.

The “default” keyword tells the router to use the listed authentication methods that follow as the default methods when a user attempts to log in. The “listname” keyword names the list of authentication methods tried when a user attempts to log in.

And, below are the different “authentication” methods (keywords) that can be used:

•enable—This keyword uses the enable password for authentication.
•group radius—This keyword uses the list of all RADIUS servers for authentication.
•line—This keyword uses the line password for authentication.
•local—This keyword uses the local username database for authentication.
•local-case—This keyword uses the case-sensitive local username database for authentication.
•none—This keyword uses no authentication. The client is automatically authenticated by the switch or router without using the information supplied by the client.

And, as with almost all Cisco IOS commands, you can put the word “no” in front of the command to remove (disable) the configured command, as you see below:

Router(config)#no aaa authentication dot1x default group radius none

Remember, to use the “aaa authentication dot1x” command, your router(s) must be running Cisco IOS 12.3(4)T or higher.
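
The Python sketch below is an added example, not part of the original article or of any Cisco tool. It checks saved configuration text against the points made above: that group radius depends on a radius-server host entry, that group radius is the only 802.1x-compliant method, and that none authenticates the client without using what it supplies. The sample configuration, the list name LAB-PORTS and the finding labels are constructed for illustration.

```python
import re

# Method keywords the article lists for "aaa authentication dot1x".
KNOWN_METHODS = {"enable", "group radius", "line", "local", "local-case", "none"}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius none
aaa authentication dot1x LAB-PORTS local-case
"""

def parse_dot1x_lists(config):
    """Return {list_name: [methods]} for each dot1x method list, in order."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication dot1x (\S+)\s+(.+)$", line)
        if not m:
            continue  # also skips "no aaa authentication dot1x ..." lines
        words, methods = m.group(2).split(), []
        while words:
            word = words.pop(0)
            # "group radius" is a single method written as two words.
            if word == "group" and words:
                word += " " + words.pop(0)
            methods.append(word)
        lists[m.group(1)] = methods
    return lists

def audit(config):
    """Return sorted (list_name, finding) pairs for risky dot1x method lists."""
    has_host = re.search(r"^\s*radius-server host \S+", config, re.M) is not None
    findings = set()
    for name, methods in parse_dot1x_lists(config).items():
        for method in methods:
            if method not in KNOWN_METHODS:
                findings.add((name, "unknown-method:" + method))
        if "none" in methods:
            findings.add((name, "none-skips-authentication"))
        if "group radius" in methods and not has_host:
            findings.add((name, "group-radius-without-radius-server-host"))
        if "group radius" not in methods:
            findings.add((name, "no-802.1x-compliant-method"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(name, finding)
```
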

I hope this article was very informative and helped you quickly understand the usage of the aaa authentication dot1x command. If you need to learn more, I suggest you visit my website, where you’ll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.

To your success,

By: Charles E Ross


Charles Ross, CCNP #CSCO10444244 is the owner of Ittechtips.com; where you'll find free comprehensive information and videos on how to pass the CCNA (640-553) security exam. Sign-Up for "100 Free Videos" and, also learn more about the new "Cisco CCNA (640-553) Video Accelerated Training Course" at his website. www.ccnaittechtips.com
