Configuring Port-Based and User-Based Access Control (802.1X)
802.1X Open VLAN Mode
3. If you selected either eap-radius or chap-radius for step 2, use the radius
host command to configure up to three RADIUS server IP address(es) on
the switch.
4. Activate authentication on the switch.
Syntax: radius host < ip-address > [oobm]
Adds a server to the RADIUS configuration.
For switches that have a separate out-of-band management
port, the oobm parameter specifies that the RADIUS traffic
will go through the out-of-band management (OOBM) port.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use with the
specified server. This key must match the key used on
the RADIUS server. Use this option only if the specified
server requires a different key than the one configured as
the global encryption key. The tilde (~) character is allowed
in the string. It is not backward compatible; the “~”
character is lost if you use a software version that does
not support the “~” character.
Syntax: radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not
have a server-specific key. This key is optional if all
RADIUS server addresses configured in the switch
include a server-specific encryption key. The tilde (~)
character is allowed in the string, for example,
radius-server key hp~network. It is not backward compatible;
the “~” character is lost if you use a software version
that does not support the “~” character.
Default: Null
The no form of the command removes the global encryption key.
Syntax: aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured
as authenticators.
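The following audit script is an added example, not part of the original guide or of the switch software. It reads configuration lines written in the syntax above and reports, for each RADIUS server, whether a server-specific or the global key applies, and flags servers with no key, keys containing "~", more than three servers, and missing 802.1X activation. The sample configuration is constructed, and accepting a "radius-server host" spelling is an assumption.

```python
import re

MAX_SERVERS = 3  # the page allows up to three RADIUS servers
# Page syntax: radius host <ip-address> [oobm] [key <key-string>].
# Assumption: a "radius-server host" spelling is accepted as equivalent.
HOST_RE = re.compile(r"^radius(?:-server)? host (\S+)( oobm)?(?: key (\S+))?$")
GLOBAL_RE = re.compile(r"^radius-server key (\S+)$")
ACTIVATE = "aaa port-access authenticator active"

def audit(config_text):
    """Return ({server: key source}, [findings]) without echoing any key."""
    hosts, global_key, active = [], None, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if m := HOST_RE.match(line):
            hosts.append((m.group(1), m.group(3)))
        elif m := GLOBAL_RE.match(line):
            global_key = m.group(1)
        elif line == ACTIVATE:
            active = True
    sources, findings = {}, []
    if len(hosts) > MAX_SERVERS:
        findings.append(f"{len(hosts)} servers configured, limit is {MAX_SERVERS}")
    for ip, server_key in hosts:
        # A server-specific key takes precedence; otherwise the global key applies.
        key = server_key or global_key
        sources[ip] = "server-specific" if server_key else "global" if global_key else "none"
        if key is None:
            findings.append(f"{ip}: no server-specific key and no global key")
        elif "~" in key:
            findings.append(f"{ip}: key contains '~', lost on software without '~' support")
    if hosts and not active:
        findings.append("802.1X port-access is not activated")
    return sources, findings

# Constructed sample configuration; addresses and keys are made up.
SAMPLE = """\
radius host 10.0.0.10 key site-secret
radius host 10.0.0.11 oobm
radius-server key hp~network
"""

if __name__ == "__main__":
    sources, findings = audit(SAMPLE)
    for ip, source in sources.items():
        print(ip, "->", source)
    print("\n".join(findings))
```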