RADIUS Authentication and Accounting
Configuring a RADIUS Server To Specify Per-Port CoS and Rate-Limiting Services
[ tcp/udp-ports]: Optional TCP or UDP port specifier. Used when the ACL is intended to filter
client TCP or UDP traffic with one or more specific TCP or UDP destination port numbers.
You can specify port numbers as individual values and/or ranges. For example, the
following ACE denies any UDP traffic from an authenticated client that has a DA of any
IP address and a UDP destination port of 135, 137-139, or 445:
deny in udp from any to any 135, 137-139, 445.
[ cnt ]: Optional counter specifier for a RADIUS-based ACL. When used in an ACL, the
counter increments each time there is a “match” with a permit or deny ACE. This option
requires that you configure the switch for RADIUS accounting. (Refer to the entry
describing the maximum number of (optional) internal counters in the table on page
6-7.)
Configuring the Switch To Support RADIUS-Based ACLs
An ACL configured in a RADIUS server is identified by the authentication
credentials of the client or group of clients the ACL is designed to support.
When a client authenticates with credentials associated with a particular ACL,
the switch applies that ACL to the switch port the client is using. To enable
the switch to forward a client’s credentials to the RADIUS server, you must
first configure RADIUS operation and an authentication method on the switch.
1. Configure RADIUS operation on the switch:
Syntax: radius-server host < ip-address > key < key-string >
This command configures the IP address and encryption key of a
RADIUS server. The server should be accessible to the switch and
configured to support authentication requests from clients using the
switch to access the network. For more on RADIUS configuration,
refer to the chapter titled “RADIUS Authentication and Accounting”
in the Access Security Guide for your switch.
2. Configure RADIUS network accounting on the switch (optional). RADIUS
network accounting is necessary to retrieve counter information if the cnt
(counter) option is included in any of the ACEs configured on the RADIUS
server.
Syntax: aaa accounting network < start-stop | stop-only > radius
6-42
To Next Page
Loading...
Need help?
General