KB.15.15

Example 25 To enable the switch to perform 802.1X authentication using one or more EAP-capable

RADIUS servers:

Figure 333 802.1X (Port-Access) Authentication

Enter the RADIUS Host IP Address(es)

If you select either eap-radius or chap-radius for the authentication method, configure the switch

to use 1, 2, or 3 RADIUS servers for authentication. The following syntax shows the basic commands.

For coverage of all commands related to RADIUS server configuration, see “RADIUS Authentication,

Authorization, and Accounting” (page 141).

Syntax

radius host < ip-address > [oobm]

Adds a server to the RADIUS configuration. For switches that have a separate

out-of-band management port, the oobm parameter specifies that the RADIUS traffic

will go through the out-of-band management (OOBM) port.

[key < server-specific key-string >]

Optional. Specifies an encryption key for use during authentication (or accounting)

sessions with the specified server. This key must match the key used on the RADIUS

server. Use this option only if the specified server requires a different key than

configured for the global encryption key. The tilde (~) character is allowed in the

string. It is not backward compatible; the “~” character is lost if you use a software

version that does not support the “~” character.

Syntax

radius-server key < global key-string >

Specifies the global encryption key the switch uses for sessions with servers for

which the switch does not have a server-specific key. This key is optional if all

RADIUS server addresses configured in the switch include a server- specific

encryption key. The tilde (~) character is allowed in the string, for example,

radius-server key hp~switch. It is not backward compatible; the “~” character is

lost if you use a software version that does not support the “~” character. Default:

Null

The no form of the command removes the global encryption key.

462 Port-Based and User-Based Access Control (802.1X)