Cisco Catalyst 4500 Series - Monitoring and Troubleshooting CoA Functionality

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server functionality on the switch, use the no aaa server radius dynamic-author global configuration command. The following example shows a dynamic authorization configuration:
Switch(config)# aaa server radius dynamic-author
Switch(config-locsvr-da-radius)# client ip addr vrf vrfname
Switch(config-locsvr-da-radius)# server-key cisco123
Switch(config-locsvr-da-radius)# port 3799
Note: The default port for packet of disconnect is 1700. Port 3799 is required to interoperate with ACS 5.1.
Switch(config)# authentication command bounce-port ignore
Monitoring and Troubleshooting CoA Functionality
The following Cisco IOS commands can be used to monitor and troubleshoot CoA functionality on the switch:
debug radius
debug aaa coa
debug aaa pod
debug aaa subsys
debug cmdhd [detail | error | events]
show aaa attributes protocol radius
Command and Purpose

Step 8
  Command: Switch(config-locsvr-da-radius)# ignore session-key
  Purpose: (Optional) Configures the switch to ignore the session-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 9
  Command: Switch(config-locsvr-da-radius)# ignore server-key
  Purpose: (Optional) Configures the switch to ignore the server-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 10
  Command: Switch(config-locsvr-da-radius)# exit
  Purpose: Switches to global configuration mode.

Step 11
  Command: Switch(config)# authentication command bounce-port ignore
  Purpose: (Optional) Configures the switch to ignore a CoA request to temporarily disable the port hosting a session. The purpose of temporarily disabling the port is to trigger a DHCP renegotiation from the host when a VLAN change occurs and there is no supplicant on the endpoint to detect the change.

Step 12
  Command: Switch(config)# authentication command disable-port ignore
  Purpose: (Optional) Configures the switch to ignore a nonstandard command requesting that the port hosting a session be administratively shut down. Shutting down the port results in termination of the session. Use standard CLI or SNMP commands to re-enable the port.

Step 13
  Command: Switch# end
  Purpose: Returns to privileged EXEC mode.

Step 14
  Command: Switch# show running-config
  Purpose: Verifies your entries.

Step 15
  Command: Switch# copy running-config startup-config
  Purpose: (Optional) Saves your entries in the configuration file.
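
A check to run over the show running-config output from Step 14, as an added example that is not part of the Cisco guide: it reports which of the CoA settings from the steps above are present. The sample configuration, the client address 192.0.2.10, the VRF name MGMT and the function names are constructed for illustration.

```python
# Constructed sample of `show running-config` output (not from a real device).
# Client address and VRF name are placeholders chosen for this example.
SAMPLE_CONFIG = """\
aaa new-model
!
aaa server radius dynamic-author
 client 192.0.2.10 vrf MGMT
 server-key cisco123
 port 3799
 ignore server-key
!
authentication command bounce-port ignore
"""

def dynamic_author_block(config):
    """Return the sub-commands under 'aaa server radius dynamic-author'."""
    block, inside = [], False
    for line in config.splitlines():
        if line.strip() == "aaa server radius dynamic-author":
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break  # first non-indented line ends the sub-mode
    return block

def audit_coa(config):
    """Return a list of findings about the CoA settings in a running-config."""
    block = dynamic_author_block(config)
    if not block:
        return ["no dynamic-author sub-commands found"]
    findings = []
    for key in ("server-key", "session-key"):  # Steps 8 and 9
        if f"ignore {key}" in block:
            findings.append(f"'ignore {key}' is set: switch ignores the {key}")
    if "server-key cisco123" in block:  # key shown in the guide's example
        findings.append("server-key is the documentation example value")
    # The guide's note gives 1700 as the default when no port is configured.
    port = next((c.split()[1] for c in block if c.startswith("port ")), "1700")
    findings.append(f"CoA/PoD listener port: {port}")
    for action in ("bounce-port", "disable-port"):  # Steps 11 and 12
        honored = f"authentication command {action} ignore" not in config.splitlines()
        findings.append(f"{action} requests: {'honored' if honored else 'ignored'}")
    return findings

if __name__ == "__main__":
    for finding in audit_coa(SAMPLE_CONFIG):
        print(finding)
```
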
