Cisco Systems WSC4500X24XIPB Switch User Manual


  Open as PDF
of 680
 
29-18
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication
How to Configure 802.1X
To configure the RADIUS server parameters on the switch, perform this task:
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server. The
first command specifies port 1612 as the authorization port, sets the encryption key to rad123.
The second command dictates that key matches will be performed on the RADIUS server:
Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123
Switch(config)# ip radius source-interface m/p
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands.
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch.
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# radius-server host
{
hostname
|
ip-address
} auth-port
port-number
[acct-port
port-number
]
key
string
Configures the RADIUS server parameters on the switch.
For hostname | ip-address, specify the hostname or IP address of the
remote RADIUS server.
For auth-port port-number, specify the UDP destination port for
authentication requests. The default is 1812.
For acct-port port-number, specify the UDP destination port for
accounting requests. The default is 1813.
For key string, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key used on
the RADIUS server.
Note Always configure the key as the last item in the radius-server
host command syntax because leading spaces are ignored, but
spaces within and at the end of the key are used. If you use spaces
in the key, do not enclose the key in quotation marks unless the
quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
If you want to use multiple RADIUS servers, reenter this command.
Step 3
Switch(config-if)# ip radius
source-interface m/p
Establishes the IP address to be used as the source address for all outgoing
RADIUS packets.
Step 4
Switch(config)# end
Returns to privileged EXEC mode.
Step 5
Switch# show running-config
Verifies your entries.
Step 6
Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
 previous next