Cisco Catalyst 2960-XR Security Configuration Manual page 297

Cisco IOS Release 15.0(2)EX1

Configuring IEEE 802.1x Port-Based Authentication
Configuring the Inaccessible Authentication Bypass Feature

Command or Action:
dead-criteria time 30 tries 20
Purpose:
The range for tries is from 1 to 100. The switch dynamically determines the default tries parameter that is 10 to 100.

Step 3
Command or Action:
radius-server deadtime minutes
Example:
Switch(config)# radius-server deadtime 60
Purpose:
(Optional) Sets the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.

Step 4
Command or Action:
radius-server host ip-address [acct-port udp-port] [auth-port udp-port] [test username name [idle-time time] [ignore-acct-port] [ignore-auth-port]] [key string]
Example:
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234
Purpose:
(Optional) Configures the RADIUS server parameters by using these keywords:
• acct-port udp-port—Specifies the UDP port for the RADIUS accounting server. The range for the UDP port number is from 0 to 65536. The default is 1646.
• auth-port udp-port—Specifies the UDP port for the RADIUS authentication server. The range for the UDP port number is from 0 to 65536. The default is 1645.
  Note: You should configure the UDP port for the RADIUS accounting server and the UDP port for the RADIUS authentication server to nondefault values.
• test username name—Enables automated testing of the RADIUS server status, and specifies the username to be used.
• idle-time time—Sets the interval of time in minutes after which the switch sends test packets to the server. The range is from 1 to 35791 minutes. The default is 60 minutes (1 hour).
• ignore-acct-port—Disables testing on the RADIUS-server accounting port.
• ignore-auth-port—Disables testing on the RADIUS-server authentication port.
• For key string, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.
  Note: Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.
  You can also configure the authentication and encryption key by using the radius-server key {0 string | 7 string | string} global configuration command.

OL-29434-01
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
275
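
The following is an added example, not part of the Cisco guide: a small Python check that applies the ranges, defaults and key-placement notes from the Step 3 and Step 4 rows above to configuration lines. It assumes lines are as typed with a plain-text key; `audit_line`, `SAMPLE` and the finding texts are names made up here, and treating text after `key` as part of the key follows from the note above rather than from device testing.

```python
import re

# Added example: defaults and ranges are the ones stated in the table above.
DEFAULT_PORTS = {"auth-port": 1645, "acct-port": 1646}
KEYWORDS = {"acct-port", "auth-port", "test", "idle-time",
            "ignore-acct-port", "ignore-auth-port"}
HOST_RE = re.compile(r"radius-server host (\S+)(.*?)(?: key (.*))?$")

def _value(opts, name):
    """Integer that follows keyword `name`, or None if absent or not numeric."""
    if name in opts[:-1]:
        nxt = opts[opts.index(name) + 1]
        return int(nxt) if nxt.isdigit() else None
    return None

def audit_line(line):
    """Return findings for one line (empty list if clean). Assumes plain-text keys."""
    line = line.lstrip().rstrip("\r\n")  # keep trailing spaces: they count in a key
    m = re.match(r"radius-server deadtime (\d+)\s*$", line)
    if m:
        return [] if int(m.group(1)) <= 1440 else ["deadtime outside 0-1440 minutes"]
    m = HOST_RE.match(line)
    if not m:
        return []
    opts, key, findings = m.group(2).split(), m.group(3), []
    for name, default in DEFAULT_PORTS.items():
        if _value(opts, name) in (None, default):
            findings.append(f"{name} is at the default {default}")
    if "username" not in opts:
        findings.append("no test username, so automated server testing is off")
    idle = _value(opts, "idle-time")
    if idle is not None and not 1 <= idle <= 35791:
        findings.append("idle-time outside 1-35791 minutes")
    if key is not None:
        key = key.lstrip(" ")  # leading spaces are ignored, per the note above
        if KEYWORDS & set(key.split()):
            findings.append("key is not the last item; text after it is read as part of the key")
        if key.endswith(" "):
            findings.append("key ends with spaces, which are part of the key")
        if len(key) > 1 and key[0] == key[-1] == '"':
            findings.append("key is enclosed in quotation marks, which are treated as part of the key")
    return findings

# Constructed sample lines (not from a real device); the first is the page's own example.
SAMPLE = [
    "radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234",
    "radius-server host 1.1.1.3 key abc1234 auth-port 1560",
    'radius-server host 1.1.1.4 auth-port 1645 acct-port 1700 test username user1 key "my key"',
]
```

Calling `audit_line` on each entry of `SAMPLE` returns no findings for the page's example, four for the line with the key placed first, and two for the line with a default authentication port and a quoted key.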
