User Guide
563
Configuring 802.1x
802.1x Configuration
2.2 Using the CLI
2.2.1 Configuring the RADIUS Server
Follow these steps to configure RADIUS:
Step 1
configure
Enter global configuration mode.
Step 2
radius-server host
ip-address
[ auth-port
port-id
] [ acct-port
port-id
] [ timeout
time
] [
retransmit
number
] [ nas-id
nas-id
] key {
[ 0 ]
string
|
7
encrypted-string
}
Add the RADIUS server and configure the related parameters as needed.
host
ip-address
:
Enter the IP address of the server running the RADIUS protocol.
auth-port
port-id
:
Specify the UDP destination port on the RADIUS server for authentication
requests. The default setting is 1812.
acct-port
port-id:
Specify the UDP destination port on the RADIUS server for accounting
requests. The default setting is 1813. Generally, the accounting feature is not used in the
authentication account management.
timeout
time
:
Specify the time interval that the switch waits for the server to reply before
resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds.
retransmit
number
:
Specify the number of times a request is resent to the server if the
server does not respond. The valid values are from 1 to 3 and the default setting is 2.
nas-id
nas-id:
Specify the name of the NAS (Network Access Server) to be contained in
RADIUS packets for identification. It ranges from 1 to 31 characters. The default value is the
MAC address of the switch. Generally, the NAS indicates the switch itself.
key {
[ 0 ]
string
|
7
encrypted-string
}
:
Specify the shared key. 0 and 7 prevent the
encryption type. 0 indicates that an unencrypted key will follow. 7 indicates that a symmetric
encrypted key with a fixed length will follow. By default, the encryption type is 0.
string
is the
shared key for the switch and the server, which contains 32 characters at most.
encrypted-
string
is a symmetric encrypted key with a fixed length, which you can copy from the
configuration file of another switch. The key or encrypted-key you configured here will be
displayed in the encrypted form.
Step 3
aaa group
radius
group-name
Create a RADIUS server group.
radius:
Specify the group type as radius.
group-name
:
Specify a name for the group.
Step 4
server
ip-address
Add the existing servers to the server group.
ip-address
:
Specify IP address of the server to be added to the group.
Step 5
exit
Return to global configuration mode.
Downloaded from