Configuring The Switch-To-Radius-Server Communication - Cisco WS-C3550-12G Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for WS-C3550-12G:
- User manual (436 pages) ,
- Manual (278 pages) ,
- Datasheet (19 pages)
Table of Contents
Advertisement
Chapter 7
Configuring 802.1X Port-Based Authentication
This example shows how to enable AAA and 802.1X on Fast Ethernet port 0/1:
Switch# configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Configuring the Switch-to-RADIUS-Server Communication
RADIUS security servers are identified by their host name or IP address, host name and specific UDP
port numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP
port number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP
ports on a server at the same IP address. If two different host entries on the same RADIUS server are
configured for the same service—for example, authentication—the second host entry configured acts as
the fail-over backup to the first one. The RADIUS host entries are tried in the order that they were
configured.
Beginning in privileged EXEC mode, follow these steps to configure the RADIUS server parameters on
the switch. This procedure is required.
Command
Step 1
configure terminal
Step 2
radius-server host {hostname |
ip-address} auth-port port-number key
string
Step 3
end
Step 4
show running-config
Step 5
copy running-config startup-config
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
78-11194-03
Purpose
Enter global configuration mode.
Configure the RADIUS server parameters on the switch.
For hostname | ip-address, specify the host name or IP address of the
remote RADIUS server.
For auth-port port-number, specify the UDP destination port for
authentication requests. The default is 1812.
For key string, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key used on
the RADIUS server.
Always configure the key as the last item in the radius-server
Note
host command syntax because leading spaces are ignored, but
spaces within and at the end of the key are used. If you use spaces
in the key, do not enclose the key in quotation marks unless the
quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
If you want to use multiple RADIUS servers, re-enter this command.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 3550 Multilayer Switch Software Configuration Guide
Configuring 802.1X Authentication
7-9
- Quick Links:
- Table of Contents
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
