Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
3. If you selected either eap-radius or chap-radius for step 2, use the radius
host command to configure up to three RADIUS server IP address(es) on
the switch.
Syntax: radius host < ip-address >
Adds a server to the RADIUS configuration.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use with the
specified server. This key must match the key used on
the RADIUS server. Use this option only if the specified
server requires a different key than configured for the
global encryption key.
Syntax: radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not
have a server-specific key. This key is optional if all
RADIUS server addresses configured in the switch
include a server- specific encryption key.
4. Activate authentication on the switch.
Syntax: aaa port-access authenticator active
Activates 802.1X port-access on ports you have config-
ured as authenticators.
5. Test both the authorized and unauthorized access to your system to
ensure that the 802.1X authentication works properly on the ports you
have configured for port-access.
Not e If you want to implement the optional port-security feature on the switch, you
should first ensure that the ports you have configured as 802.1X authenticators
operate as expected. Then refer to
“Option For Authenticator Ports: Configure
Port-Security To Allow Only 802.1X-Authenticated Devices” on page 10-36.
After you complete steps 1 and 2, the configured ports are enabled for 802.1X
authentication (without VLAN operation), and you are ready to configure
VLAN Operation.
10-33
To Next Page
Loading...
