Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Figure 10-2. Example of 802.1X (Port-Access) Authentication
10-20
For example, to enable the switch to perform 802.1X authentication using one
or more EAP-capable RADIUS servers:
4. Enter the RADIUS Host IP Address(es)
If you select either eap-radius or chap-radius for the authentication method,
configure the switch to use 1, 2, or 3 RADIUS servers for authentication. The
following syntax shows the basic commands. For coverage of all commands
related to RADIUS server configuration, refer to chapter 6, "RADIUS Authen
tication and Accounting".
Syntax:
radius host < ip-address >
Adds a server to the RADIUS configuration.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use during
authentication (or accounting) sessions with the spec-
ified server. This key must match the key used on the
RADIUS server. Use this option only if the specified
server requires a different key than configured for the
global encryption key.
Syntax:
radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not have
a server-specific key. This key is optional if all RADIUS
server addresses configured in the switch include a
server- specific encryption key.
Configuration command
for EAP-RADIUS
authentication.
802.1X (Port-Access)
configured for EAP -
RADIUS authentication.