Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Controlling Switch Access with RADIUS
To disable AAA, use the no aaa new-model global configuration command. To disable the AAA server functionality on the
switch, use the no aaa server radius dynamic authorization global configuration command:
Switch(config)# aaa server radius dynamic-author
Switch(config-locsvr-da-radius)# client ip addr vrf vrfname
Switch(config-locsvr-da-radius)# server-key cisco123
Switch(config-locsvr-da-radius)# port 3799
Note: Default port for packet of disconnect is 1700. Port 3799 is required to interoperate with ACS 5.1.
Switch(config)# authentication command bounce-port ignore
Monitoring and Troubleshooting CoA Functionality
The following Cisco IOS commands can be used to monitor and troubleshoot CoA functionality on the switch:
• debug radius
• debug aaa coa
• debug aaa pod
• debug aaa subsys
• debug cmdhd [detail | error | events]
• show aaa attributes protocol radius
Step 8
Command: Switch(config-locsvr-da-radius)# ignore session-key
Purpose: (Optional) Configures the switch to ignore the session-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 9
Command: Switch(config-locsvr-da-radius)# ignore server-key
Purpose: (Optional) Configures the switch to ignore the server-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 10
Command: Switch(config-locsvr-da-radius)# exit
Purpose: Switches to global configuration mode.

Step 11
Command: Switch(config)# authentication command bounce-port ignore
Purpose: (Optional) Configures the switch to ignore a CoA request to temporarily disable the port hosting a session. The purpose of temporarily disabling the port is to trigger a DHCP renegotiation from the host when a VLAN change occurs and there is no supplicant on the endpoint to detect the change.

Step 12
Command: Switch(config)# authentication command disable-port ignore
Purpose: (Optional) Configures the switch to ignore a nonstandard command requesting that the port hosting a session be administratively shut down. Shutting down the port results in termination of the session. Use standard CLI or SNMP commands to re-enable the port.

Step 13
Command: Switch# end
Purpose: Returns to privileged EXEC mode.

Step 14
Command: Switch# show running-config
Purpose: Verifies your entries.

Step 15
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
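The "Verifies your entries" step can be scripted when many switches need review. The following is an added example, not part of the Cisco guide: it parses saved show running-config text and reports the CoA settings from the steps above that deserve a second look. The function names, the sample configuration and the choice of what to report are assumptions made for this illustration.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa server radius dynamic-author
 client 192.0.2.10
 server-key cisco123
 port 3799
 ignore server-key
!
authentication command bounce-port ignore
"""

DOC_EXAMPLE_KEYS = {"cisco123"}  # key used in the guide's own example

def dynamic_author_block(config):
    """Return the sub-commands under 'aaa server radius dynamic-author'."""
    block, inside = [], False
    for line in config.splitlines():
        if line.startswith("aaa server radius dynamic-author"):
            inside = True
        elif inside and line.startswith(" "):
            block.append(line.strip())
        elif inside:
            break  # first non-indented line ends the sub-mode
    return block

def audit_coa(config):
    """Return review findings for the CoA settings in a running-config."""
    block = dynamic_author_block(config)
    if not block:
        return ["no dynamic-author block: nothing to review"]
    findings = []
    for cmd in block:
        if cmd in ("ignore server-key", "ignore session-key"):
            findings.append(f"'{cmd}' is set: the switch ignores that key")
        # Assumption: an optional numeric encryption type may precede the key.
        key = re.fullmatch(r"server-key (?:\d+ )?(\S+)", cmd)
        if key and key.group(1) in DOC_EXAMPLE_KEYS:
            findings.append("server-key is the documentation example value")
    if not any(cmd.startswith("client ") for cmd in block):
        findings.append("no CoA client is defined")
    for action in ("bounce-port", "disable-port"):
        if f"authentication command {action} ignore" not in config:
            findings.append(f"CoA {action} requests are honoured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_coa(SAMPLE_CONFIG)))
```

A finding is a prompt for review rather than a verdict: honouring bounce-port requests, for example, is the intended behaviour where VLAN changes must trigger DHCP renegotiation.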