7–4 MULTILINK ML2400 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL
ACCESS USING RADIUS CHAPTER 7: ACCESS USING RADIUS
7.2 Configuring 802.1x through the Command Line Interface
7.2.1 Commands
On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs
to be manually authenticated. To authenticate the port, use the
setport command. The
CLI commands to configure and perform authentication with a RADIUS server are
described below.
The
auth command enters the configuration mode to configure the 802.1x parameters.
auth
The
show auth command displays the 802.1x configuration or port status.
show auth <config|ports>
The
authserver command define the RADIUS server. Use the UDP socket number if the
RADIUS authentication is on a port other than 1812.
authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>]
The
auth enable and auth disable commands enable or disable the 802.1x
authenticator function on the MultiLink switch.
auth <enable|disable>
The
setport command configures the port characteristics for an 802.1x network.
setport port=<num|list|range> [status=<enable|disable>]
[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>]
The
backend port command configure the parameters for EAP over RADIUS.
backend port=<num|list|range>
[supptimeout=<1-240>]
[servertimeout=<1-240] [maxreq=<1-10>]
The
port argument is mandatory and represents the port(s) to be configured. The
supptimeout argument is optional and represents the timeout in seconds the
authenticator waits for the supplicant to respond back. The default value is 30 seconds
and values can range from 1 to 240 seconds. The
servertimeout argument is optional
and represents the timeout in seconds the authenticator waits for the back-end RADIUS
server to respond. The default value is 30 seconds and can range from 1 to 240 seconds.
The
maxreq argument is optional and represents the maximum number of times the
authenticator will retransmit an EAP request packet to the Supplicant before it times out
the authentication session. Its default value is 2 and can be set to any integer value from 1
to 10.
The
portaccess command sets port access parameters for authenticating PCs or
supplicants.
portaccess port=<num|list|range>
[quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>]
The
port argument is mandatory and identifies the ports to be configured. The quiet
argument is optional and represents the quiet period – the amount of time, in seconds, the
supplicant is held after an authentication failure before the authenticator retries the
supplicant for connection. The default value is 60 seconds and values can range from 0 to
65535 seconds. The
maxreauth argument is optional and represents the number of re-
authentication attempts permitted before the port is unauthorized. The default value is 2