RADIUS Authentication and Accounting
Configuring a RADIUS Server To Specify Per-Port CoS and Rate-Limiting Services
2. Enter the switch IP address, NAS (Network Attached Server) type, and
the key in the FreeRADIUS clients.conf file. For example, if the switch IP
address is 10.10.10.125 and the key is “1234”, you would enter the follow
-
ing in the server’s clients.conf file:
client 10.10.10.125
Note: The key configured in the switch and the secret configured in
nastype = other
the RADIUS server supporting the switch must be identical. Refer to
the chapter titled “RADIUS Authentication and Accounting” in the
secret = 1234
Access Security Guide for your switch.
Figure 6-14. Example of Configuring the Switch’s Identity Information in a FreeRADIUS Server
3. For a given client username/password pair or MAC address, create an ACL
by entering one or more ACEs in the FreeRADIUS “users” file. Enter the
ACEs in an order that promotes optimum traffic management and conser
-
vation of system resources, and remember that every ACL you create
automatically includes an implicit deny in ip from any to any ACE. (Refer to
“Guidelines for Structuring a RADIUS-Based ACL” on page 6-34.) For
example, suppose that you wanted to create identical ACL support for the
following:
• a client having a username of “mobile011” and a password of
“run101112”
• a client having a MAC address of 08 E9 9C 4F 00 19
The ACL in this example must achieve the following:
• permit http (TCP port 80) traffic from the client to the device at
10.10.10.101
• deny http (TCP port 80) traffic from the client to all other devices
• permit all other traffic from the client to all other devices
To configure the above ACL, you would enter the username/password and
ACE information shown in figure
6-15 into the FreeRADIUS
users file.
6-39
To Next Page
Loading...
Need help?
General