Cisco 7604 Configuration Manual page 804

IOS software configuration guide

Chapter 45 Configuring Network Admission Control
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
45-20

Configuring NAC

Step 13
Command: Router(config)# radius-server host {hostname | ip-address} test username username idle-time 1 key string
Purpose: (Optional) Configures the RADIUS server parameters.
For the hostname or ip-address, specify the hostname or IP address of the remote RADIUS server.
For the key string value, specify the authentication and encryption key used between the switch and the RADIUS daemon running on the RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.
Note: Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.
The test username value parameter is used for configuring the dummy username that tests whether the AAA server is active or not.
The idle-time parameter is used to set how often the server should be tested to determine its operational status. If there is no traffic to the RADIUS server, the NAD sends dummy RADIUS packets to the RADIUS server based on the idle-time.
If you want to use multiple RADIUS servers, reenter this command.

Step 14
Command: Router(config)# radius-server attribute 8 include-in-access-req
Purpose: (Optional) Configures the switch to send the Framed-IP-Address RADIUS attribute (Attribute[8]) in access-request or accounting-request packets if the switch is connected to nonresponsive hosts.
To configure the switch to not send the Framed-IP-Address attribute, use the no radius-server attribute 8 include-in-access-req global configuration command.

Step 15
Command: Router(config)# radius-server vsa send authentication
Purpose: Configures the network access server to recognize and use vendor-specific attributes.

Step 16
Command: Router(config)# radius-server dead-criteria {tries | time} value
Purpose: Forces one or both of the criteria (used to mark a RADIUS server as dead) to be the indicated constant.

Step 17
Command: Router(config)# eou logging
Purpose: (Optional) Enables EAPoUDP system logging events.
To disable the logging of EAPoUDP system events, use the no eou logging global configuration command.

Step 18
Command: Router(config)# end
Purpose: Returns to privileged EXEC mode.

Step 19
Command: Router# show ip admission {[cache] [configuration] [eapoudp]}
Purpose: Displays the NAC configuration or network admission cache entries.

Step 20
Command: Router# show ip device tracking {all | interface interface-id | ip ip-address | mac mac-address}
Purpose: Displays information about the entries in the IP device tracking table.

Step 21
Command: Router# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

The following example illustrates how to apply an AAA down policy:
Router# config t
Enter configuration commands, one per line. End with CNTL/Z.
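A pre-deployment check for the RADIUS settings in Steps 13 through 16, written as an added example that is not part of the Cisco guide. The function name `audit_radius`, the sample configuration and its addresses are constructed for illustration, and the check assumes that any text written after `key` on a `radius-server host` line is taken as part of the key, which is why the note in Step 13 requires the key to be last.

```python
import re

# Options from the Step 13 syntax; they must appear before "key".
OPTIONS_BEFORE_KEY = ("test username", "idle-time")
# Global commands from Steps 14-16 of the procedure.
REQUIRED_GLOBALS = {
    "radius-server attribute 8 include-in-access-req": "Step 14",
    "radius-server vsa send authentication": "Step 15",
    "radius-server dead-criteria": "Step 16",
}
HOST_RE = re.compile(r"^radius-server host (\S+)(.*)$")

def audit_radius(config_text):
    """Return a list of findings for a candidate configuration snippet."""
    findings = []
    # Strip only leading spaces: trailing spaces matter inside a key.
    lines = [line.lstrip() for line in config_text.split("\n")]
    hosts = [m for m in map(HOST_RE.match, lines) if m]
    if not hosts:
        findings.append("no radius-server host configured (Step 13)")
    for m in hosts:
        server, rest = m.group(1), m.group(2)
        before, sep, key = rest.partition(" key ")
        if not sep:
            findings.append(f"{server}: no key configured")
            continue
        for opt in OPTIONS_BEFORE_KEY:
            if opt in key:  # assumption: text after "key" joins the key
                findings.append(f"{server}: '{opt}' follows key and becomes part of it")
            elif opt not in before:
                findings.append(f"{server}: '{opt}' not set, no server liveness test")
        if key != key.rstrip():
            findings.append(f"{server}: key ends with whitespace, which is used in the key")
        if key.strip().startswith('"') and key.strip().endswith('"'):
            findings.append(f"{server}: key is quoted, quotation marks become part of the key")
    for cmd, step in REQUIRED_GLOBALS.items():
        if not any(line.startswith(cmd) for line in lines):
            findings.append(f"missing '{cmd}' ({step})")
    return findings

# Constructed sample input; addresses are from the documentation range.
SAMPLE = (
    "radius-server host 192.0.2.10 test username probe idle-time 1 key s3cret\n"
    'radius-server host 192.0.2.11 key "my secret" \n'
    "radius-server host 192.0.2.12 key s3cret test username probe idle-time 1\n"
    "radius-server vsa send authentication\n"
    "radius-server dead-criteria tries 3\n"
)
```

Calling `audit_radius(SAMPLE)` reports nothing for the first server and flags the quoted key, the trailing space, the options placed after the key, and the missing attribute 8 command.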

This manual is also suitable for:

7613, 7606, 7609-S, 7600 series
