GE ML1600 Switch User Manual


 
7–6 MULTILINK ML1600 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL
CONFIGURING 802.1X THROUGH THE COMMAND LINE INTERFACE CHAPTER 7: ACCESS USING RADIUS
7.2.2 Example
Example 7-1 demonstrates how to secure the network using port access. Ensure there is
no 802.1x or RADIUS server defined. Only one RADIUS server can be defined for the entire
network.
Example 7-1: Setting port control parameters
802.1X Authenticator Configuration
==================================
Status: Disabled
RADIUS Authentication Server
==================================
IP Address: 0.0.0.0
UDP Port: 1812
Shared Secret:
ML1600# auth
ML1600(auth)##
setport port=2 status=enable control=forceauth initialize=assert
Successfully set port control parameter(s)
ML1600(auth)## auth disable
802.1X Authenticator is disabled.
ML1600(auth)## authserver ip=3.204.240.1 secret=secret
Successfully set RADIUS Authentication Server parameter(s)
ML1600(auth)## auth enable
802.1X Authenticator is enabled.
ML1600(auth)## show auth ports
Port Status Control Initialize Current State
======================================================
1 Enabled Auto Deasserted Authorized
2 Enabled ForcedAuth Asserted Unauthorized
3 Enabled Auto Deasserted Authorized
4 Enabled Auto Deasserted Unauthorized
5 Enabled Auto Deasserted Unauthorized
6 Enabled Auto Deasserted Unauthorized
7 Enabled Auto Deasserted Unauthorized
8 Enabled Auto Deasserted Unauthorized
9 Enabled Auto Deasserted Unauthorized
10 Enabled Auto Deasserted Unauthorized
11 Enabled Auto Deasserted Unauthorized
12 Enabled Auto Deasserted Unauthorized
13 Enabled Auto Deasserted Unauthorized
14 Enabled Auto Deasserted Unauthorized
15 Enabled Auto Deasserted Unauthorized
16 Enabled Auto Deasserted Unauthorized
-- Port not available
ML1600(auth)## show auth config
802.1X Authenticator Configuration
==================================
Status: Enabled
RADIUS Authentication Server
==================================
IP Address: 3.204.240.1
UDP Port: 1812
Shared Secret: secret
(continued on following page)
The RADIUS server is on port 2. This port is
authenticated manually. If the RADIUS server is
several hops away, it may be necessary to
authenticate the interconnection ports. Make sure
the
setport port=2 status=enable
control=forceauth initialize=assert
command
is executed before the
auth enable command.
The auth disable command is not
necessary. However, it is shown for
completeness in case a RADIUS
server was defined with a previously
set authentication scheme.
The RADIUS server is
connected on port #2