Users Guide
Security Commands 1013
Default Configuration
By default, no global server key is configured.
Command Modes
Dynamic RADIUS Configuration
User Guidelines
Only one global server key may be defined. Use the server-key parameter in
the client command to configure a unique server key for each client.
Command History
Introduced in version 6.2.0.1 firmware.
Example
The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and
3.3.3.3. It sets the front panel ports to use 802.1x MAC-based authentication.
CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using
a global shared secret and a third server 3.3.3.3 using a server specific shared
secret. CoA disconnect requests are accepted from these servers. Any
authentication type is allowed for CoA disconnect requests.
console#configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# dot1x port-control mac-based
console(config-if)# exit
console(config)# radius server auth 1.1.1.1
console(config-auth-radius)#primary
console(config-auth-radius)#exit
console(config)# radius server auth 2.2.2.2
console(config-auth-radius)#exit
console(config)# radius server auth 3.3.3.3
console(config-auth-radius)#key “That’s your secret.”
console(config-auth-radius)#exit
console(config)# radius server key “Keep it. Keep it.”
console(config)# aaa server radius dynamic-author
console(config-radius-da)# client 3.3.3.3 server-key 0 “That’s your secret.”
console(config-radius-da)# client 1.1.1.1
console(config-radius-da)# client 2.2.2.2