PurposeCommand or Action
Enables AAA.aaa new-model
Example:
Switch(config)# aaa new-model
Step 2
Sets the conditions that determine when a RADIUS server is considered
un-available or down (dead).
radius-server dead-criteria{time seconds }
[tries number]
Step 3
Example:
Switch(config)# radius-server
• time— 1 to 120 seconds. The switch dynamically determines a
default seconds value between 10 and 60.
• number—1 to 100 tries. The switch dynamically determines a default
triesnumber between 10 and 100.
dead-criteria time 20 tries 10
(Optional) Sets the number of minutes during which a RADIUS server is
not sent requests. The range is from 0 to 1440 minutes (24 hours). The
default is 0 minutes.
radius-serverdeadtimeminutes
Example:
Switch(config)# radius-server deadtime
Step 4
60
(Optional) Configure the RADIUS server parameters by using these
keywords:
radius-server host ip-address
address[acct-port udp-port][auth-port
Step 5
udp-port] [testusername name[idle-time time]
• acct-portudp-port—Specify the UDP port for the RADIUS
accounting server. The range for the UDP port number is from 0 to
65536. The default is 1646.
[ignore-acct-port][ignore auth-port]] [key
string]
Example:
Switch(config)# radius-server host
• auth-portudp-port—Specify the UDP port for the RADIUS
authentication server. The range for the UDP port number is from 0
to 65536. The default is 1645.
1.1.1.2 acct-port 1550 auth-port
1560 test username user1 idle-time 30
You should configure the UDP port for the RADIUS
accounting server and the UDP port for the RADIUS
authentication server to nondefault values.
Note
key abc1234
• test usernamename—Enable automated testing of the RADIUS
server status, and specify the username to be used.
• idle-time time—Set the interval of time in minutes after which the
switch sends test packets to the server. The range is from 1 to 35791
minutes. The default is 60 minutes (1 hour).
• ignore-acct-port—Disable testing on the RADIUS-server accounting
port.
• ignore-auth-port—Disable testing on the RADIUS-server
authentication port.
•
For keystring, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29048-01 329
Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Inaccessible Authentication Bypass with Critical Voice VLAN
To Next Page
Loading...
Need help?
General