Cisco Catalyst 2960-X Security Configuration Manual page 124
Cisco ios release 15.0(2)ex
Hide thumbs
Also See for Catalyst 2960-X:
- Command reference manual (135 pages) ,
- Hardware installation manual (34 pages) ,
- Getting started manual (25 pages)
Table of Contents
Advertisement
Configuring CoA on the Switch
Command or Action
Step 5
client {ip-address | name} [vrf vrfname]
[server-key string]
Step 6
server-key [0 | 7] string
Example:
Switch(config-sg-radius)# server-key
your_server_key
Step 7
port port-number
Example:
Switch(config-sg-radius)# port 25
Step 8
auth-type {any | all | session-key}
Example:
Switch(config-sg-radius)# auth-type any
Step 9
ignore session-key
Step 10
ignore server-key
Example:
Switch(config-sg-radius)# ignore
server-key
Step 11
authentication command bounce-port ignore
Example:
Switch(config-sg-radius)# authentication
command bounce-port ignore
Step 12
authentication command disable-port ignore
Example:
Switch(config-sg-radius)# authentication
command disable-port ignore
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
100
Purpose
Enters dynamic authorization local server configuration mode and
specifies a RADIUS client from which a device will accept CoA
and disconnect requests.
Configures the RADIUS key to be shared between a device and
RADIUS clients.
Specifies the port on which a device listens for RADIUS requests
from configured RADIUS clients.
Specifies the type of authorization the switch uses for RADIUS
clients.
The client must match all the configured attributes for authorization.
(Optional) Configures the switch to ignore the session-key.
For more information about the ignore command, see the Cisco
IOS Intelligent Services Gateway Command Reference on
Cisco.com.
(Optional) Configures the switch to ignore the server-key.
For more information about the ignore command, see the Cisco
IOS Intelligent Services Gateway Command Reference on
Cisco.com.
(Optional) Configures the switch to ignore a CoA request to
temporarily disable the port hosting a session. The purpose of
temporarily disabling the port is to trigger a DHCP renegotiation
from the host when a VLAN change occurs and there is no
supplicant on the endpoint to detect the change.
(Optional) Configures the switch to ignore a nonstandard command
requesting that the port hosting a session be administratively shut
down. Shutting down the port results in termination of the session.
Use standard CLI or SNMP commands to re-enable the port.
Configuring RADIUS
OL-29048-01
Hide quick links:
Advertisement
Table of Contents
