802.1X Authentication
Let’s take a look at the topology shown in Figure 4-44.
You are being hired to configure 802.1X in SecretCorp.
The goal is to deploy 802.1X authentication in all of
SecretCorp’s switches and use ISE. SecretCorp’s switch
1 (sc-sw1) is used in this example.
Figure 4-44 SecretCorp 802.1x Deployment
First, you need to configure certificates for URL
redirection. Perform the following steps from global
configuration mode on the switch (sc-sw1):
Step 1. Configure the DNS domain name on the
switch. The domain name is secretcorp.org.
sc-sw1(config)# ip domain-name secretcorp.org
Note
Cisco IOS does not allow for certificates, or even self-generated
keys, to be created and installed without first
defining a DNS domain name on the device.
Step 2. Generate self-signed keys to be used for
HTTPS. The following command generates a
general-usage 2048-bit RSA key pair:
Step 3. Enable the HTTP server and configure HTTP
Secure server in global configuration mode.
Always use HTTPS instead of HTTP.
sc-sw1(config)# ip http server
sc-sw1(config)# ip http secure-server
Tip
In many cases, organizations require that this redirection
process using the switch’s internal HTTP server is
decoupled from the management of the switch itself. If you
are not using HTTP for management, then decoupling the
HTTP server is highly recommended. This is done with the
following two commands:
Step 4. Enable the C3PL configuration style within
privileged EXEC mode:
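An added example (not from the original text, and not the Step 4 command): a Python check that audits a saved running configuration for Steps 1 and 3 and for the decoupling described in the Tip. The sample configurations are constructed, and the two `active-session-modules none` commands are an assumption about what the Tip refers to, since its commands are not shown on this page.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
GOOD = """\
hostname sc-sw1
ip domain name secretcorp.org
ip http server
ip http secure-server
ip http active-session-modules none
ip http secure-active-session-modules none
"""
BAD = """\
hostname sc-sw1
ip domain-name example.net
ip http server
no ip http secure-server
"""

def audit(config, expected_domain="secretcorp.org", http_mgmt=False):
    """Return a list of findings; an empty list means every check passed."""
    lines = {ln.strip().lower() for ln in config.splitlines() if ln.strip()}
    findings = []
    # Step 1: accept "ip domain-name X" and the newer "ip domain name X" form.
    domains = [m.group(1) for ln in lines
               if (m := re.fullmatch(r"ip domain[- ]name (\S+)", ln))]
    if not domains:
        findings.append("no DNS domain name: key generation will be refused")
    elif expected_domain.lower() not in domains:
        findings.append(f"domain name is {domains[0]}, expected {expected_domain}")
    # Step 3: both servers are enabled; an explicit "no" form counts as off.
    for cmd in ("ip http server", "ip http secure-server"):
        if cmd not in lines or f"no {cmd}" in lines:
            findings.append(f"'{cmd}' is not enabled")
    # Tip: when HTTP is not used for management, the server should be decoupled.
    # Assumption: these two commands are the ones the Tip means.
    if not http_mgmt:
        for cmd in ("ip http active-session-modules none",
                    "ip http secure-active-session-modules none"):
            if cmd not in lines:
                findings.append(f"HTTP server not decoupled: missing '{cmd}'")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(cfg) or "all checks passed")
```

Pass `http_mgmt=True` for switches that are intentionally managed over HTTP(S), which skips the decoupling check.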