9-22
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring the Switch-to-RADIUS-Server Communication
RADIUS security servers are identified by their hostname or IP address, hostname and specific UDP port
numbers, or IP address and specific UDP port numbers. The combination of the IP address and UDP port
number creates a unique identifier, which enables RADIUS requests to be sent to multiple UDP ports on
a server at the same IP address. If two different host entries on the same RADIUS server are configured
for the same service—for example, authentication—the second host entry configured acts as the fail-over
backup to the first one. The RADIUS host entries are tried in the order that they were configured.
Beginning in privileged EXEC mode, follow these steps to configure the RADIUS server parameters on
the switch. This procedure is required.
To delete the specified RADIUS server, use the
no radius-server host
{
hostname
|
ip-address
} global
configuration command.
Step 10
dot1x port-control auto
Enable IEEE 802.1x authentication on the port.
For feature interaction information, see the
Configuration Guidelines” section on page 9-19
Step 11
end
Return to privileged EXEC mode.
Step 12
show dot1x
Verify your entries.
Step 13
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
radius-server host
{
hostname
|
ip-address
}
auth-port
port-number
key
string
Configure the RADIUS server parameters.
For
hostname
|
ip-address,
specify the hostname or IP address of the
remote RADIUS server.
For
auth-port
port-number
, specify the UDP destination port for
authentication requests. The default is 1812. The range is 0 to 65536.
For
key
string
, specify the authentication and encryption key used
between the switch and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key used on
the RADIUS server.
Note
Always configure the key as the last item in the
radius-server
host
command syntax because leading spaces are ignored, but
spaces within and at the end of the key are used. If you use spaces
in the key, do not enclose the key in quotation marks unless the
quotation marks are part of the key. This key must match the
encryption used on the RADIUS daemon.
If you want to use multiple RADIUS servers, re-enter this command.
Step 3
end
Return to privileged EXEC mode.
Step 4
show running-config
Verify your entries.
Step 5
copy running-config startup-config
(Optional) Save your entries in the configuration file.