Cisco Catalyst 4500 Series Configuration Manual page 1001

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Chapter 44
Configuring 802.1X Port-Based Authentication
To configure the RADIUS server parameters on the switch, perform this task:
Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# radius-server host {hostname | ip-address} auth-port port-number [acct-port port-number] [test username name] [ignore-auth-port] [ignore-acct-port] [idle-time min] key string
Purpose: Configures the RADIUS server parameters on the switch.

For hostname | ip-address, specify the hostname or IP address of the remote RADIUS server.

To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global configuration command.

auth-port port-number—Specifies the UDP destination port for authentication requests. The default is 1645.

acct-port port-number—Specifies the UDP destination port for accounting requests. The default is 1646.

Use test username name to enable automated RADIUS server testing, and to detect the RADIUS server going up and down. The name parameter is the username used in the test access request sent to the RADIUS server; it does not need to be a valid user configured on the server. The ignore-auth-port and ignore-acct-port options disable testing on the authentication and accounting ports respectively.

The idle-time min parameter specifies the number of minutes before an idle RADIUS server is tested to verify that it is still up. The default is 60 minutes.

The key string specifies the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.

Note: Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.

If you want to use multiple RADIUS servers, use this command multiple times.

Step 3
Command: Switch(config)# radius-server deadtime min
Purpose: (Optional) Configures the number of minutes before a dead RADIUS server is tested to check whether it has come back up. The default is 1 minute.

Step 4
Command: Switch(config)# radius-server dead-criteria time seconds tries num
Purpose: (Optional) Configures the criteria used to decide whether a RADIUS server is dead. The time parameter specifies the number of seconds a request to the server goes unanswered before the server is considered dead. The tries parameter specifies the number of times a request to the server goes unanswered before the server is considered dead.

The recommended values for these parameters are tries equal to radius-server retransmit and time equal to radius-server retransmit x radius-server timeout.

OL-25340-01
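An added example, not from the Cisco guide: a Python check that audits a candidate config snippet against the guidance above (key last on the radius-server host line, automated testing enabled, dead-criteria matching tries = retransmit and time = retransmit x timeout). The sample config, addresses and keys are constructed; the retransmit and timeout defaults of 3 and 5 seconds and the global radius-server dead-criteria command form are assumptions not stated on this page.

```python
import re

# Constructed sample config (documentation-range addresses, made-up keys).
SAMPLE = """\
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 test username probe idle-time 30 key Example Key 1
radius-server host 192.0.2.11 key ExampleKey2 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server timeout 5
radius-server dead-criteria time 10 tries 3
"""

# Assumption: IOS defaults for retransmit/timeout; this page does not state them.
DEFAULT_RETRANSMIT, DEFAULT_TIMEOUT = 3, 5
# Option keywords from the radius-server host syntax shown in Step 2.
HOST_KEYWORDS = {"auth-port", "acct-port", "test", "ignore-auth-port",
                 "ignore-acct-port", "idle-time"}

def _setting(config, name, default):
    m = re.search(rf"^\s*radius-server {name} (\d+)", config, re.MULTILINE)
    return int(m.group(1)) if m else default

def audit_radius(config):
    """Return findings for the radius-server lines in an IOS config snippet."""
    findings = []
    retransmit = _setting(config, "retransmit", DEFAULT_RETRANSMIT)
    timeout = _setting(config, "timeout", DEFAULT_TIMEOUT)
    for raw in config.splitlines():
        line = raw.lstrip()  # keep trailing spaces: they count as key characters
        if not line.startswith("radius-server host "):
            continue
        host = line.split()[2]
        head, sep, key = line.partition(" key ")
        if not sep:
            findings.append(f"{host}: no key configured")
        elif HOST_KEYWORDS & set(key.split()):
            # Heuristic: an option keyword after "key" means the key is not last.
            findings.append(f"{host}: key is not the last item on the line")
        if " test username " not in head + " ":
            findings.append(f"{host}: automated server testing not enabled")
    m = re.search(r"^\s*radius-server dead-criteria time (\d+) tries (\d+)",
                  config, re.MULTILINE)
    if m:
        time_s, tries = int(m.group(1)), int(m.group(2))
        if tries != retransmit:
            findings.append(f"dead-criteria tries {tries} != retransmit {retransmit}")
        if time_s != retransmit * timeout:
            findings.append(f"dead-criteria time {time_s} != retransmit x timeout "
                            f"({retransmit * timeout})")
    return findings
```

Calling audit_radius(SAMPLE) flags the second host twice (key not last, so the test options never take effect) and the dead-criteria time of 10 seconds against the recommended 15.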
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG