Cisco 3020 - Catalyst Blade Switch Release Note page 21
Release notes for the cisco catalyst blade switch 3020 for hp, cisco ios release 12.2(35)se and later
Hide thumbs
Also See for 3020 - Cisco Catalyst Blade Switch:
- Command reference manual (744 pages) ,
- Configuration manual (712 pages) ,
- Release note (54 pages)
Table of Contents
Advertisement
Command
Step 3
aaa authentication login default group
radius
Step 4
aaa authorization auth-proxy default
group radius
Step 5
radius-server host key radius-key
Step 6
radius-server attribute 8
include-in-access-req
Step 7
radius-server vsa send authentication
Step 8
ip device tracking
Step 9
end
This example shows how to enable AAA, use RADIUS authentication and enable device tracking:
Switch(config) configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa authentication login default group radius
Switch(config)# aaa authorization auth-proxy default group radius
Switch(config)# radius-server host key key1
Switch(config)# radius-server attribute 8 include-in-access-req
Switch(config)# radius-server vsa send authentication
Switch(config)# ip device tracking
Switch(config) end
Beginning in privileged EXEC mode, follow these steps to configure a port to use web authentication:
Command
Step 1
configure terminal
Step 2
ip admission name rule proxy http
OL-8918-03
Purpose
Use RADIUS authentication. Before you can use this authentication
method, you must configure the RADIUS server. For more
information, see
Authentication."
The console prompts you for a username and password on future
attempts to access the switch console after entering the aaa
authentication login command. If you do not want to be prompted for
a username and password, configure a second login authentication
list:
Switch# config t
Switch(config)# aaa authentication login line-console none
Switch(config)# line console 0
Switch(config-line)# login authentication line-console
Switch(config-line)# end
Use RADIUS for authentication-proxy (auth-proxy) authorization.
Specify the authentication and encryption key for RADIUS
communication between the switch and the RADIUS daemon.
Configure the switch to send the Framed-IP-Address RADIUS
attribute (Attribute[8]) in access-request or accounting-request
packets.
Configure the network access server to recognize and use
vendor-specific attributes (VSAs).
Enable the IP device tracking table.
To disable the IP device tracking table, use the no ip device tracking
global configuration commands.
Return to privileged EXEC mode.
Purpose
Enter global configuration mode.
Define a web authentication rule.
Note
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later
Chapter 9, "Configuring Switch-Based
The same rule cannot be used for both web authentication and
NAC Layer 2 IP validation.
Documentation Updates
21
Advertisement
Table of Contents
