Table of Contents
Advertisement
N o t e
3.
If you selected either eap-radius or chap-radius for step 2, use the radius
host command to configure up to three RADIUS server IP address(es) on
the switch.
Syntax: radius host < ip-address >
Adds a server to the RADIUS configuration.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use with the
specified server. This key must match the key used on
the RADIUS server. Use this option only if the specified
server requires a different key than configured for the
global encryption key.
Syntax: radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not
have a server-specific key. This key is optional if all
RADIUS server addresses configured in the switch
include a server- specific encryption key.
4.
Activate authentication on the switch.
Syntax: aaa port-access authenticator active
Activates 802.1X port-access on ports you have config-
ured as authenticators.
5.
Test both the authorized and unauthorized access to your system to
ensure that the 802.1X authentication works properly on the ports you
have configured for port-access.
If you want to implement the optional port-security feature on the switch, you
should first ensure that the ports you have configured as 802.1X authenticators
operate as expected. Then refer to "Option For Authenticator Ports: Configure
Port-Security To Allow Only 802.1X-Authenticated Devices" on page 9-44.
After you complete steps 1 and 2, the configured ports are enabled for 802.1X
authentication (without VLAN operation), and you are ready to configure
VLAN Operation.
Configuring Port-Based and Client-Based Access Control (802.1X)
802.1X Open VLAN Mode
9-41
Advertisement
Table of Contents
