--> 802.1x configuration on Switch is Divided into 4 Parts
1) Global AAA Configuration
Switch (config) # aaa new-model
Switch (config)# aaa authentication dot1x default group radius
Switch (config)# aaa authorization network default group radius
Switch (config)# aaa accounting dot1x default start-stop group radius
2) Global Radius Commands
Switch (config) # radius-server ISE
Switch (config) # address ipv4-address 192.168.1.1 auth-port 1812 acct-port 1813
Switch (config) # key cciesec
Switch (config) #aaa server radius dynamic-author
Switch (config) # client 192.168.1.1 server-key cciesec
Switch (config) # radius-server vsa send authentication
Switch (config) # radius-server vsa send accounting
Switch (config) # radius-server attribute 6 on-for-login-auth
Switch (config) # radius-server attribute 8 include-in-access-req
Switch (config) # radius-server attribute 25 access-request include
3) Global 802.1x commands
Switch (config) # dot1x system-auth-control
Switch (config) # ip device tracking
Switch (config) # authentication priority dot1x mab
Switch (config) # authentication mode dot1x mab
Switch (config) #authentication event fail-action next-method
4) Interface Settings
Switch (config) # interface fa0/1
Switch (config) # authentication host mode multi-auth
Switch (config) #authentication open
Switch (config) # mab
Switch (config) # dot1x pae authenticator
Switch (config) # authentication port-control auto
0 comments:
Post a Comment