Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

49-33

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 49 Configuring 802.1X Port-Based Authentication

Configuring 802.1X Port-Based Authentication

To configure the RADIUS server parameters on the switch, perform this task:

Command Purpose

Step 1

Switch# configure terminal

Enters global configuration mode.

Step 2

Switch(config)# radius-server host

{hostname | ip-address} auth-port

port-number [acct-port port-number]

[test username name]

[ignore-auth-port] [ignore-acct-port]

[idle-time min] key string

Configures the RADIUS server parameters on the switch.

For hostname | ip-address, specify the hostname or IP address of the

remote RADIUS server.

To delete the specified RADIUS server, use the no radius-server host

{hostname | ip-address} global configuration command.

auth-port port-number—Specifies the UDP destination port for

authentication requests. The default is 1645.

acct-port port-number—Specifies the UDP destination port for

accounting requests. The default is 1646.

Use test username name to enable automated RADIUS server testing,

and to detect the RADIUS server going up and down. The name

parameter is the username used in the test access request sent to the

RADIUS server; it does not need to be a valid user configured on the

server. The ignore-auth-port and ignore-acct-port options disable

testing on the authentication and accounting ports respectively.

The idle-time min parameter specifies the number of minutes before

an idle RADIUS server is tested to verify that it is still up. The default

is 60 minutes.

The key string specifies the authentication and encryption key used

between the switch and the RADIUS daemon running on the RADIUS

server. The key is a text string that must match the encryption key used

on the RADIUS server.

Note Always configure the key as the last item in the

radius-server host command syntax because leading spaces

are ignored, but spaces within and at the end of the key are

used. If you use spaces in the key, do not enclose the key in

quotation marks unless the quotation marks are part of the key.

This key must match the encryption used on the RADIUS

daemon.

If you want to use multiple RADIUS servers, use this command

multiple times.

Step 3

Switch(config)# radius-server

deadtime min

(Optional) Configures the number of minutes before a dead RADIUS

server is tested to check whether it has come back up. The default is 1

minute.

Step 4

Switch(config)# radius-server

dead-criteria time seconds tries num

(Optional) Configures the criteria used to decide whether a RADIUS

server is dead. The time parameter specifies the number of seconds

after which a request to the server is unanswered before it is

considered dead. The tries parameter specifies the number of times a

request to the server is unanswered before it is considered dead.

The recommended values for these parameters are tries equal to

radius-server retransmit and time equal to radius-server

retransmit x radius-server timeout.

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E

Cisco Catalyst 4500 Series Software Configuration Guide

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Questions and Answers:

Cisco Catalyst 4500 Series Specifications

Related product manuals