Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
For example, to enable the switch to perform 802.1X authentication using one
or more EAP-capable RADIUS servers:
Configuration command
for EAP-RADIUS
authentication.
802.1X (Port-Access)
configured for EAP-
RADIUS authentication.
Figure 10-2. Example of 802.1X (Port-Access) Authentication
4. Enter the RADIUS Host IP Address(es)
If you select either eap-radius or chap-radius for the authentication method,
configure the switch to use 1, 2, or 3 RADIUS servers for authentication. The
following syntax shows the basic commands. For coverage of all commands
related to RADIUS server configuration, refer to
chapter 6, “RADIUS Authen-
tication and Accounting”.
Syntax: radius host < ip-address >
Adds a server to the RADIUS configuration.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use during
authentication (or accounting) sessions with the spec-
ified server. This key must match the key used on the
RADIUS server. Use this option only if the specified
server requires a different key than configured for the
global encryption key.
Syntax: radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not have
a server-specific key. This key is optional if all RADIUS
server addresses configured in the switch include a
server- specific encryption key.
10-20
To Next Page
Loading...
Need help?
General