Configuring Switch-To-Radius-Server Communication - Cisco 4500M Software Manual
Software guide
Hide thumbs
Also See for 4500M:
- Command reference manual (578 pages) ,
- Hardware installation and maintenance manual (143 pages) ,
- Upgrade manual (24 pages)
Table of Contents
Advertisement
Chapter 31
Understanding and Configuring 802.1X Port-Based Authentication
This example shows how to enable AAA and 802.1X on Fast Ethernet port 2/1:
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# interface fastethernet2/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Configuring Switch-to-RADIUS-Server Communication
A RADIUS security server is identified by its host name or IP address, host name and specific UDP port
number, or IP address and specific UDP port numbers. The combination of the IP address and UDP port
number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on
a server at the same IP address. If two different host entries on the same RADIUS server are configured
for the same service—for example, authentication—the second host entry configured acts as the fail-over
backup to the first one. The RADIUS host entries are tried in the order they were configured.
To configure the RADIUS server parameters on the switch, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# radius-server host
{ hostname | ip-address } auth-port
port-number [acct-port port-number ]
key string
Step 3
Switch(config-if)# ip radius
source-interface m/p
Step 4
Switch(config)# end
Step 5
Switch# show running-config
Step 6
Switch# copy running-config
startup-config
OL-6696-01
Purpose
Enters global configuration mode.
Configures the RADIUS server parameters on the switch.
For hostname | ip-address, specify the hostname or IP address of the
remote RADIUS server.
For auth-port port-number, specify the UDP destination port for
authentication requests. The default is 1812.
For acct-port port-number, specify the UDP destination port for
accounting requests. The default is 1813.
For key string, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key used on
the RADIUS server.
Always configure the key as the last item in the radius-server
Note
host command syntax because leading spaces are ignored, but
spaces within and at the end of the key are used. If you use spaces
in the key, do not enclose the key in quotation marks unless the
quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
If you want to use multiple RADIUS servers, reenter this command.
Establishes the IP address to be used as the source address for all outgoing
RADIUS packets.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Software Configuration Guide—Release 12.2(25)EW
How to Configure 802.1X
31-15
Advertisement
Table of Contents
