Table of Contents
Advertisement
time, the switch resends the request packet or sets the server as invalid according to
the current conditions.
Example: Setting the RADIUS authentication timeout timer value to 30 seconds.
Switch(Config)# radius-server timeout 30
20.3 802.1x Application Example
The PC is connecting to port 1/2 of the switch; IEEE 802.1x authentication is enabled on port 1/2;
the access mode is the default MAC-based authentication. The switch IP address is 10.1.1.2. Any
port other than port 1/2 is used to connect to RADIUS authentication server, which has an IP address
of 10.1.1.3, and use the default port 1812 for authentication and port 1813 for accounting. IEEE
802.1x authentication client software is installed on the PC and is used in IEEE 802.1x
authentication.
The configuration procedures are listed below:
Switch(Config)#interface vlan 1
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-vlan1)#exit
Switch(Config)#radius-server authentication host 10.1.1.3
Switch(Config)#radius-server accounting host 10.1.1.3
Switch(Config)#radius-server key test
Switch(Config)#aaa enable
Switch(Config)#aaa-accounting enable
Switch(Config)#dot1x enable
Switch(Config)#interface ethernet 1/2
Switch(Config-Ethernet1/2)#dot1x enable
Switch(Config-Ethernet1/2)#dot1x port-control auto
EES4710BD 10 Slots L2/L3/L4 Chassis Switch
1 0 . 1 . 1 . 2
1 0 . 1 . 1 . 1
Fig 20-2 IEEE 802.1x Configuration Example Topology
Ra d i u s Se r v e r
1 0 . 1 . 1 . 3
521
Advertisement
Table of Contents
Troubleshooting
