Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
Syntax: aaa port-access authenticator < port-list >
aaa authentication port-access chap-radius
aaa port-access authenticator active
These commands configure 802.1X port-based access control on
the switch, and activates this feature on the specified ports. For
more on 802.1X configuration and operation, refer to chapter 11,
“Configuring Port-Based and User-Based Access Control
(802.1X)” in this guide.
MAC Authentication Option:
Syntax: aaa port-access mac-based < port-list >
This command configures MAC authentication on the switch and
activates this feature on the specified ports. For more on MAC
authentication, refer to chapter 3, “Web and MAC Authentica-
tion”.
Web Authentication Option:
Syntax: aaa port-access web-based < port-list >
This command configures Web authentication on the switch and
activates this feature on the specified ports. For more on Web
authentication, refer to chapter 3, “Web and MAC Authentica-
tion”.
Displaying the Current Dynamic Port ACL Activity
on the Switch
These commands output data indicating the current ACL activity imposed per-
port by RADIUS server responses to client authentication.
Syntax: show access-list radius < port-list >
For the specified ports, this command lists the explicit ACEs, switch
port, and client MAC address for each ACL dynamically assigned by
a RADIUS server as a response to client authentication. If cnt
(counter) is included in an ACE, then the output includes the current
number of inbound packet matches the switch has detected in the
current session for that ACE.
Note: If a client authenticates but the server does not return a
dynamic port ACL to the client port, then the server does not have a
valid ACL configured and assigned to that client’s authentication
credentials.
6-21
To Next Page
Loading...
