8-20
Configuring Port-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
4. Enter the RADIUS Host IP Address(es)
If you selected either eap-radius or chap-radius for the authentication method,
configure the switch to use 1 to 3 RADIUS servers for authentication. The
following syntax shows the basic commands. For coverage of all commands
related to RADIUS server configuration, refer to “RADIUS Authentication and
Accounting” on page 5-1.
5. Enable 802.1X Authentication on the Switch
After configuring 802.1X authentication as described in the preceding four
sections, activate it with this command:
Syntax: radius host < ip-address >
Adds a server to the RADIUS configuration.
[key < server-specific key-string >]
Optional. Specifies an encryption key for use during
authentication (or accounting) sessions with the spec-
ified server. This key must match the key used on the
RADIUS server. Use this option only if the specified
server requires a different key than configured for the
global encryption key.
radius-server key < global key-string >
Specifies the global encryption key the switch uses for
sessions with servers for which the switch does not have
a server-specific key. This key is optional if all RADIUS
server addresses configured in the switch include a
server- specific encryption key.
Syntax: aaa port-access authenticator active
Activates 802.1X port-access on ports you have configured
as authenticators.