Users Guide

Authentication, Authorization, and Accounting
To configure the switch:
1. Create the VLANs and configure the VLAN names.
console(config)#vlan 100
console(config-vlan100)#name Authorized
console(config-vlan100)#exit
console(config)#vlan 200
console(config-vlan200)#name Unauthorized
console(config-vlan200)#exit
console(config)#vlan 300
console(config-vlan300)#name Guest
console(config-vlan300)#exit
2. Configure information about the external RADIUS server the switch uses
   to authenticate clients. The RADIUS server IP address is 10.10.10.10, and
   the global shared secret is qwerty123.
console(config)#radius server key qwerty123
console(config)#radius server auth 10.10.10.10
console(config-auth-radius)#name MyRadius
console(config-auth-radius)#exit
3. Enable 802.1X on the switch.
console(config)#dot1x system-auth-control
4. Create a default authentication login list and use the RADIUS server for
   port-based authentication for connected clients.
console(config)#aaa authentication dot1x default radius
5. Allow the switch to accept VLAN assignments by the RADIUS server.
console(config)#aaa authorization network default radius
6. Enter interface configuration mode for the downlink ports.
console(config)#interface range Gi1/0/1-23
7. Set the downlink ports to the access mode because each downlink port
   connects to a single host that belongs to a single VLAN. Set the port
   control mode to auto (default) to allow VLAN assignment from the
   RADIUS server.
console(config-if)#switchport mode access
console(config-if)#dot1x port-control auto
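
The VLAN assignment enabled in step 5 arrives as three tunnel attributes in the RADIUS Access-Accept (RFC 3580), and the shared secret from step 2 is what authenticates that reply to the switch (RFC 2865 Response Authenticator), so in a deployment it should be a long random value rather than the sample qwerty123. The following Python sketch is an added example, not code from this guide or from the switch firmware; it builds such a reply for VLAN 100 and performs the check a RADIUS client makes before trusting it. The function names are hypothetical, the Request Authenticator is a constructed sample, and the EAP-Message and Message-Authenticator attributes that a real 802.1X exchange also carries are omitted.

```python
import hashlib, hmac, struct

ACCESS_ACCEPT = 2                                     # RFC 2865 packet code
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RFC 2868 attribute types
VLAN, IEEE_802 = 13, 6                                # RFC 3580 values for VLAN assignment

def attr(code, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", code, len(value) + 2) + value

def build_accept(ident, request_auth, secret, vlan_id):
    """RADIUS server side: Access-Accept that assigns vlan_id."""
    attrs = (attr(TUNNEL_TYPE, struct.pack("!I", VLAN))      # tag byte 0 + 3-byte value
             + attr(TUNNEL_MEDIUM, struct.pack("!I", IEEE_802))
             + attr(TUNNEL_PGID, str(vlan_id).encode()))     # VLAN ID as ASCII, untagged
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def assigned_vlan(packet, request_auth, secret):
    """Switch side: return the assigned VLAN ID, or None if the reply fails
    authentication or lacks a complete RFC 3580 VLAN assignment."""
    if len(packet) < 20:
        return None
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        return None
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                                   # wrong secret or modified in transit
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return None                               # malformed attribute
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    if (int.from_bytes(found.get(TUNNEL_TYPE, b"")[1:], "big") != VLAN or
            int.from_bytes(found.get(TUNNEL_MEDIUM, b"")[1:], "big") != IEEE_802):
        return None
    group = found.get(TUNNEL_PGID, b"")
    if group[:1] and group[0] <= 0x1F:                # optional tag byte (RFC 2868)
        group = group[1:]
    return int(group) if group.isdigit() else None

if __name__ == "__main__":
    req_auth = bytes(range(16))                       # constructed Request Authenticator
    reply = build_accept(1, req_auth, b"qwerty123", 100)
    print(assigned_vlan(reply, req_auth, b"qwerty123"), assigned_vlan(reply, req_auth, b"other"))
```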