802.1x on Cisco Catalyst 2950

Andrea Dainese
July 17, 2014

A very short post about 802.1x (dot1x) on Cisco Catalyst 2950 series. Configure RADIUS and enable dot1x on the switch:

aaa authentication dot1x default group radius
aaa accounting dot1x default start-stop group radius
dot1x system-auth-control

Then enable dot1x on all interfaces (additional security commands are added in the example below):

interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 dot1x port-control auto
 dot1x timeout tx-period 2
 dot1x guest-vlan 666
 dot1x auth-fail vlan 666
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
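
With the template applied to every access port, a saved running-config can be checked offline for ports that were missed. The following is an added example, not part of the original post: the names parse_ports, audit and SAMPLE are hypothetical, the sample config is constructed, and skipping trunk and shutdown ports is an assumption.

```python
import re

# Required lines are taken from the post; SAMPLE is a constructed config.
GLOBAL_REQUIRED = ("aaa authentication dot1x default group radius",
                   "dot1x system-auth-control")
PORT_REQUIRED = ("switchport mode access", "switchport port-security",
                 "dot1x port-control auto", "spanning-tree bpduguard enable")

SAMPLE = """\
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 dot1x port-control auto
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 5
 dot1x port-control auto
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_ports(config):  # port name -> list of its stripped sub-commands
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+((?:Fast|Gigabit)Ethernet\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return ports

def audit(config):
    """Return {scope: [missing lines]}; an empty dict means compliant."""
    top = {l.strip() for l in config.splitlines() if not l.startswith(" ")}
    findings = {"global": [g for g in GLOBAL_REQUIRED if g not in top]}
    for name, lines in parse_ports(config).items():
        if "switchport mode trunk" in lines or "shutdown" in lines:
            continue  # assumption: trunks and disabled ports are out of scope
        # Exact match: "switchport port-security maximum 5" alone enables nothing.
        findings[name] = [r for r in PORT_REQUIRED if r not in lines]
    return {scope: miss for scope, miss in findings.items() if miss}
```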

Additional notes:

  • Be sure you have the latest IOS (c2950-i6k2l2q4-mz.121-22.EA14.bin) or an unauthorized port won’t learn the PC’s MAC address.