PurposeCommand or Action
Enters dynamic authorization local server configuration mode and
specifies a RADIUS client from which a device will accept CoA
and disconnect requests.
client {ip-address | name} [vrf vrfname]
[server-key string]
Step 5
Configures the RADIUS key to be shared between a device and
RADIUS clients.
server-key [0 | 7] string
Example:
Switch(config-sg-radius)# server-key
Step 6
your_server_key
Specifies the port on which a device listens for RADIUS requests
from configured RADIUS clients.
port port-number
Example:
Switch(config-sg-radius)# port 25
Step 7
Specifies the type of authorization the switch uses for RADIUS
clients.
auth-type {any | all | session-key}
Example:
Switch(config-sg-radius)# auth-type any
Step 8
The client must match all the configured attributes for authorization.
(Optional) Configures the switch to ignore the session-key.ignore session-key
Step 9
For more information about the ignore command, see the Cisco
IOS Intelligent Services Gateway Command Reference on
Cisco.com.
(Optional) Configures the switch to ignore the server-key.ignore server-key
Step 10
Example:
Switch(config-sg-radius)# ignore
For more information about the ignore command, see the Cisco
IOS Intelligent Services Gateway Command Reference on
Cisco.com.
server-key
(Optional) Configures the switch to ignore a CoA request to
temporarily disable the port hosting a session. The purpose of
authentication command bounce-port ignore
Example:
Switch(config-sg-radius)# authentication
Step 11
temporarily disabling the port is to trigger a DHCP renegotiation
from the host when a VLAN change occurs and there is no
supplicant on the endpoint to detect the change.
command bounce-port ignore
(Optional) Configures the switch to ignore a nonstandard command
requesting that the port hosting a session be administratively shut
down. Shutting down the port results in termination of the session.
authentication command disable-port ignore
Example:
Switch(config-sg-radius)# authentication
Step 12
Use standard CLI or SNMP commands to re-enable the port.
command disable-port ignore
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
100 OL-29048-01
Configuring RADIUS
Configuring CoA on the Switch
To Next Page
Loading...
Need help?
General