Configuring Radius - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Controlling Switch Access with RADIUS
When the Auth Manager command handler on the stack master receives a valid bounce-port command,
it checkpoints this information before returning a CoA-ACK message:
•
•
The switch initiates a port-bounce (disables the port for 10 seconds, then re-enables it).
If the port-bounce is successful, the signal that triggered the port-bounce is removed from the standby
stack master.
If the stack master fails before the port-bounce completes, a port-bounce is initiated after stack master
change-over based on the original command (which is subsequently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent
command as a new command.
Stacking Guidelines for CoA-Request Disable-Port
Because the disable-port command is targeted at a session, not a port, if the session is not found, the
command cannot be executed.
When the Auth Manager command handler on the stack master receives a valid disable-port command,
it verifies this information before returning a CoA-ACK message:
•
•
The switch attempts to disable the port.
If the port-disable operation is successful, the signal that triggered the port-disable is removed from the
standby stack master.
If the stack master fails before the port-disable operation completes, the port is disabled after stack
master change-over based on the original command (which is subsequently removed).
If the stack master fails before sending a CoA-ACK message, the new stack master treats the re-sent
command as a new command.
Configuring RADIUS
This section describes how to configure your switch to support RADIUS. At a minimum, you must
identify the host or hosts that run the RADIUS server software and define the method lists for RADIUS
authentication. You can optionally define method lists for RADIUS authorization and accounting.
A method list defines the sequence and methods to be used to authenticate, to authorize, or to keep
accounts on a user. You can use method lists to designate one or more security protocols to be used (such
as TACACS+ or local username lookup), thus ensuring a backup system if the initial method fails. The
software uses the first method listed to authenticate, to authorize, or to keep accounts on users. If that
method does not respond, the software selects the next method in the list. This process continues until
there is successful communication with a listed method or the method list is exhausted.
You should have access to and should configure a RADIUS server before configuring RADIUS features
on your switch.
•
•
•
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
9-26
Need for a port-bounce
Port-ID (found in the local session context)
Need for a port-disable
Port-ID (in the local session context)
Default RADIUS Configuration, page 9-27
Identifying the RADIUS Server Host, page 9-27
Configuring RADIUS Login Authentication, page 9-30
Chapter 9
Configuring Switch-Based Authentication
(required)
(required)
OL-26520-01
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
