Users Guide

Security Commands
RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and
a third server using a server-specific shared secret. CoA disconnect requests
are accepted from these servers. Any session identification attribute is allowed
for CoA disconnect requests.
console# configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# dot1x port-control mac-based
console(config-if)# exit
console(config)# radius server auth 1.1.1.1
console(config-auth-radius)# primary
console(config-auth-radius)# exit
console(config)# radius server auth 2.2.2.2
console(config-auth-radius)# exit
console(config)# radius server auth 3.3.3.3
console(config-auth-radius)# key "That's your secret."
console(config-auth-radius)# exit
console(config)# radius server key "Keep it. Keep it."
console(config)# aaa server radius dynamic-author
console(config-radius-da)# client 3.3.3.3 server-key 0 "That's your secret."
console(config-radius-da)# client 4.4.4.4
console(config-radius-da)# client 5.5.5.5
console(config-radius-da)# server-key 0 "Keep it. Keep it."
console(config-radius-da)# port 3799
console(config-radius-da)# auth-type any
console(config-radius-da)# exit
console(config)# dot1x system-auth-control
console(config)# dot1x initialize
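The following added example is not part of the original guide: a short Python audit of a dynamic-author stanza like the one above. It reports which shared secret covers each CoA client and flags the auth-type any and ignore settings. The function name, the sample input and the rule that the mode-level server-key covers clients without their own key are assumptions made for this example.

```python
import re

# Constructed sample: the dynamic-author stanza from the example above, with
# an "ignore server-key" line added to show what the audit reports.
SAMPLE = '''\
aaa server radius dynamic-author
client 3.3.3.3 server-key 0 "That's your secret."
client 4.4.4.4
client 5.5.5.5
server-key 0 "Keep it. Keep it."
port 3799
auth-type any
ignore server-key
exit
'''

def audit_dynamic_author(config):
    """Return ({client: 'client' | 'global' | None}, [findings])."""
    clients, findings, global_key, in_stanza = {}, [], False, False
    for raw in config.splitlines():
        # Drop a leading CLI prompt such as "console(config-radius-da)# ".
        line = re.sub(r'^\S*#\s*', '', raw.strip())
        if line == 'aaa server radius dynamic-author':
            in_stanza = True
        elif not in_stanza:
            continue
        elif line == 'exit':
            in_stanza = False
        elif m := re.match(r'client (\S+)( server-key\b)?', line):
            clients[m.group(1)] = 'client' if m.group(2) else None
        elif line.startswith('server-key '):
            global_key = True
        elif m := re.match(r'ignore (session-key|server-key)$', line):
            findings.append(f'ignore {m.group(1)}: check disabled')
        elif line == 'auth-type any':
            findings.append('auth-type any: any session attribute accepted')
    for addr, source in clients.items():
        # Assumption: a stanza-level server-key covers clients without their own.
        if source is None and global_key:
            clients[addr] = 'global'
        elif source is None:
            findings.append(f'client {addr}: no server-key configured')
    return clients, findings

if __name__ == '__main__':
    clients, findings = audit_dynamic_author(SAMPLE)
    print(clients)
    print(*findings, sep='\n')
```

The function also accepts lines copied with their CLI prompts, so a pasted terminal session can be audited directly.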
ignore
Use this command to set the switch to ignore certain authentication/session
identification parameters from dynamic RADIUS clients. Use the no form of
the command to restore checking of the specific authentication parameters as
configured by the auth-type command.
Syntax
ignore {session-key | server-key}
no ignore {session-key | server-key}
Session-key—Do not attempt to authenticate with the session key.