219
Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring the Switch-to-RADIUS-Server Communication
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the
radius-server host global configuration command. If you want to configure these options on a per-server basis, use the
radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more
information, see Configuring Settings for All RADIUS Servers, page 176.
5. aaa authorization network {default}
group radius
(Optional) Configures the switch to use user-RADIUS authorization for all
network-related service requests, such as per-user ACLs or VLAN
assignment.
For per-user ACLs, single-host mode must be configured. This setting is
the default.
6. radius-server host ip-address (Optional) Specifies the IP address of the RADIUS server.
7. radius-server key string (Optional) Specifies the authentication and encryption key used between
the switch and the RADIUS daemon running on the RADIUS server.
8. interface interface-id Specifies the port connected to the client to enable for 802.1x
authentication, and enter interface configuration mode.
9. switchport mode access (Optional) Sets the port to access mode only if you configured the
RADIUS server in Step 6 and Step 7.
10. authentication port-control auto Enables 802.1x authentication on the port.
11. dot1x pae authenticator Sets the interface Port Access Entity to act only as an authenticator and
ignore messages meant for a supplicant.
12. end Returns to privileged EXEC mode.
13. show authentication Verifies your entries.
14. copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
To Next Page
Loading...
Need help?
General
