Access Security Guide K/KA/KB.15.15

7 RADIUS server support for switch services
Configuring
Configuring the switch to support RADIUS-assigned ACLs
An ACL configured in a RADIUS server is identified by the authentication credentials of the client
or group of clients the ACL is designed to support. When a client authenticates with credentials
associated with a particular ACL, the switch applies that ACL to the switch port the client is using.
To enable the switch to forward a client's credentials to the RADIUS server, you must first configure
RADIUS operation and an authentication method on the switch.
1. Configure RADIUS operation on the switch:
Syntax:
radius-server host <ipv4-address> key <key-string>
This command configures the IPv4 address and encryption key of a RADIUS server.
The server should be accessible to the switch and configured to support
authentication requests from clients using the switch to access the network.
2. Configure RADIUS network accounting on the switch (optional).
aaa accounting network <start-stop | stop-only> radius
You can also view ACL counter hits using either of the following commands:
show access-list radius port-list
show port-access <authenticator | mac-based | web-based> port-list clients detailed
NOTE: See the documentation provided with your RADIUS server for information on how
the server receives and manages network accounting information, and how to perform any
configuration steps necessary to enable the server to support network accounting data from
the switch.
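The following is an added example, not part of the original guide or vendor tooling: a small Python audit that checks a saved switch configuration for the two settings described in steps 1 and 2. It assumes the saved configuration contains lines in the same form as the syntax shown above; the sample configuration, addresses and key strings are constructed.

```python
import ipaddress
import re

# Constructed sample of saved switch configuration lines (not from a real device).
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
radius-server host 10.10.10.22 key EXAMPLE-KEY-1
radius-server host 10.10.10.23
radius-server host 10.10.10.300 key EXAMPLE-KEY-2
aaa accounting network start-stop radius
"""

# Patterns follow the command syntax given in steps 1 and 2 of this section.
HOST_RE = re.compile(r"^radius-server host (\S+)(?: key (\S+))?\s*$")
ACCT_RE = re.compile(r"^aaa accounting network (start-stop|stop-only) radius\s*$")


def audit(config_text):
    """Return (servers, accounting_mode, findings) for one configuration."""
    servers, accounting, findings = [], None, []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            addr, key = m.groups()
            try:
                ipaddress.IPv4Address(addr)  # the command takes an IPv4 address
            except ValueError:
                findings.append(f"invalid IPv4 address: {addr}")
                continue
            servers.append(addr)
            if key is None:
                findings.append(f"no key on host line for {addr}")
            continue
        m = ACCT_RE.match(line)
        if m:
            accounting = m.group(1)
    if not servers:
        findings.append("no valid radius-server host configured")
    if accounting is None:
        findings.append("network accounting not enabled (optional step)")
    return servers, accounting, findings


if __name__ == "__main__":
    for item in audit(SAMPLE_CONFIG)[2]:
        print("FINDING:", item)
```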