Security Management
316
Managed Switches
The following example shows how to authenticate the dot1x users by a RADIUS server. The
management IP address is 10.100.5.33/24. The example is shown as CLI commands and as
a web interface procedure.
CLI: Authenticating dot1x Users by a RADIUS Server
1. Assign an IP address to 1/0/19, and set force authorized mode to this port, and create a
user name list dot1xList.
2. Use RADIUS to authenticate the dot1x users.
3. Configure a RADIUS authentication server.
4. Configure the shared secret between the RADIUS client and the server.
5. Set the RADIUS server as a primary server.
(Netgear Switch) #config
(Netgear Switch) (Config)#ip routing
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#routing
(Netgear Switch) (Interface 1/0/1)#ip address 192.168.1.1 255.255.255.0
(Netgear Switch) (Config)#dot1x system-auth-control
(Netgear Switch) (Config)#interface 1/0/19
(Netgear Switch) (Interface 1/0/19)#routing
(Netgear Switch) (Interface 1/0/19)#ip address 10.100.5.33 255.255.255.0
(Netgear Switch) (Interface 1/0/19)#dot1x port-control force-authorized
(Netgear Switch) (Config)#aaa authentication dot1x default radius
(Netgear Switch) (Config)#radius server host auth 10.100.5.17
Netgear Switch) (Config)#radius server key auth 10.100.5.17
Enter secret (16 characters max):123456
Re-enter secret:123456
(Netgear Switch) (Config)#radius server msgauth 10.100.5.17
(Netgear Switch) (Config)# radius server primary 10.100.5.17
To Next Page
Loading...
