12-35
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 12 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server, to
use port 1612 as the authorization port, and to set the encryption key to
rad123
, matching the key on the
RADIUS server:
Switch(config)#
radius-server host 172.l20.39.46 auth-port 1612 key rad123
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the
radius-server host
global configuration command. If you want to configure these
options on a per-server basis, use the
radius-server timeout
,
radius-server retransmit
and the
radius-server key
global configuration commands. For more information, see the
“Configuring Settings
for All RADIUS Servers” section on page 11-29
.
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch. For more information,
see the RADIUS server documentation.
Configuring the Host Mode
Beginning in privileged EXEC mode, follow these steps to allow a single host (client) or multiple hosts
on an 802.1x-authorized port that has the
dot1x port-control
interface configuration command set to
auto
. Use the
multi-domain
keyword to configure multidomain authentication (MDA) to enable
authentication of both a host and a voice device, such as an IP phone (Cisco or non-Cisco) on the same
switch port. This procedure is optional.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
radius-server vsa send authentication
Configure the network access server to recognize and use vendor-specific
attributes (VSAs).
Step 3
interface
interface-id
Specify the port to which multiple hosts are indirectly attached, and enter
interface configuration mode.