EasyManua.ls Logo

Cisco Catalyst 2950 - Configuring IEEE 802.1 X Authentication Using a RADIUS Server

Cisco Catalyst 2950
674 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
9-16
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server, to
use port 1612 as the authorization port, and to set the encryption key to rad123, matching the key on the
RADIUS server:
Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands. For more information, see the “Configuring Settings
for All RADIUS Servers” section on page 8-29.
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch. For more information,
see the RADIUS server documentation.
Configuring IEEE 802.1x Authentication Using a RADIUS Server
In Cisco IOS Release 12.2(25)SEC, you can also configure IEEE 802.1x authentication with a RADIUS
server.
Note Catalyst 2950 LRE switches do not support NAC Layer 2 IEEE 802.1x authentication.
Beginning in privileged EXEC mode, follow these steps to configure IEEE 802.1x authentication with a
RADIUS server. The procedure is optional.
Step 4
show running-config Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x guest-vlan vlan-id Specify an active VLAN as an IEEE 802.1x guest VLAN. The range is 1
to 4094.
You can configure any active VLAN except an RSPAN VLAN, or a voice
VLAN as an IEEE 802.1x guest VLAN.
Step 4
dot1x reauthentication Enable periodic re-authentication of the client, which is disabled by
default.

Table of Contents

Other manuals for Cisco Catalyst 2950

Preview: Command Reference
Command Reference686 pages
Preview: Software Guide
Software Guide376 pages
Preview: Getting Started Guide
Getting Started Guide28 pages
Preview: Hardware Installation Guide
Hardware Installation Guide232 pages
Preview: Datasheet
Datasheet19 pages

Related product manuals