Configuring 802.1X Network Access Control; Using The Cli To Configure 802.1X Port-Based Access Control - Ubiquiti EdgeSwitch ES-24-250W Administration Manual

EdgeSwitch Administration Guide
™

Configuring 802.1X Network Access Control

This example configures a single RADIUS server used for authentication and accounting at 10.10.10.10. The
shared secret is configured to be secret. The switch is configured to require that the 802.1X access method is
through a RADIUS server. IEEE 802.1X port-based access control is enabled for the system, and interface 0/1
is configured to be in force-authorized mode because this is where the RADIUS server and protected network
resources are located.
Authenticator Switch
24V
Supplicant
If a user, or supplicant, attempts to communicate via the switch on any interface except interface 0/1, the
system challenges the supplicant for login credentials. The system encrypts the provided information and
transmits it to the RADIUS server. If the RADIUS server grants access, the system sets the 802.1X port state of
the interface to authorized, and the supplicant is able to access network resources.

Using the CLI to Configure 802.1X Port-Based Access Control

1. Configure the RADIUS authentication server IP address.
(UBNT EdgeSwitch) #config
radius server host auth 10.10.10.10
2. Configure the RADIUS authentication server secret.
radius server key auth 10.10.10.10
secret
secret
3. Configure the RADIUS accounting server IP address.
radius server host acct 10.10.10.10
4. Configure the RADIUS accounting server secret.
radius server key acct 10.10.10.10
secret
secret
5. Enable RADIUS accounting mode.
radius accounting mode
6. Set IEEE 802.1X to use RADIUS as the AAA method.
aaa authentication dot1x default radius
7. Enable 802.1X authentication on the switch.
dot1x system-auth-control
Ubiquiti Networks, Inc.
LAN
Switch with 802.1X Network Access Control
Configuration Examples
Authentication Server
(RADIUS)
270