Configuring Access Guardian Configuring Port-Based Network Access Control
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-32
Setting Authentication Parameters for the Switch
Use the aaa device-authentication command to specify which RADIUS servers the switch will use for
802.1X, MAC, and Captive Portal authentication. The server information must already be configured on
the switch through the aaa radius-server command. An example of setting the switch to use specific
servers for 802.1X authentication:
-> aaa radius-server rad1 host 10.10.2.1 key rad1_secret
-> aaa radius-server rad2 host 20.20.2.1 key rad2_secret
-> aaa device-authentication 802.1x rad1 rad2
In this example, the rad1 server is used for authenticating user devices connected to UNP ports on which
802.1X authentication is enabled. If rad1 becomes unavailable, the switch then uses rad2 for 802.1X
authentication.
To set the switch to use specific servers for MAC authentication, use the aaa device-authentication
command with the mac parameter. For example:
-> aaa device-authentication mac rad1 rad2
In this example, the rad1 server is used for authenticating user devices connected to UNP ports on which
MAC authentication is enabled. As in the 802.1X authentication example, if rad1 becomes unavailable,
the switch will then use rad2 for MAC authentication.
To set the switch to use specific servers for internal Captive Portal authentication, use the aaa device-
authentication command with the captive-portal parameter. For example:
-> aaa device-authentication captive-portal rad1 rad2
In this example, the rad1 server is used for authenticating user devices connected to UNP ports that are
classified into a UNP profile that has Captive Portal authentication enabled. As in the 802.1X and MAC
authentication example, if rad1 becomes unavailable, the switch will then use rad2 for internal Captive
Portal authentication.
Use the show aaa server command to display the RADIUS server configuration. For example:
-> show aaa server
Server name = rad1
Server type = RADIUS,
IP Address 1 = 10.10.2.1,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1812,
Accounting port = 1813,
VRF = default
Server name = rad2
Server type = RADIUS,
IP Address 1 = 20.20.2.1,
Retry number = 3,
Time out (sec) = 2,
Authentication port = 1812,
Accounting port = 1813,
VRF = default
Note. The same RADIUS servers can be used for 802.1X, MAC, and Captive Portal authentication. Using
different servers for each type of authentication is allowed but not required. For more information about
configuring authentication servers, see Chapter 38, “AAA Commands.”
To Next Page
Loading...
Need help?
General
