Users Guide
Security Commands 1088
The server-key, if configured, overrides the global shared secret for this client
only.
Messages received from a RADIUS CoA client are validated against the
configured servers. Messages received from unconfigured RADIUS CoA
clients are silently discarded.
Command History
Introduced in version 6.2.0.1 firmware.
Example
The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and
3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5. It sets the front panel
ports to use multi-auth authentication. CoA is configured for two RADIUS
servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third
server using a server specific shared secret. CoA disconnect requests are
accepted from these servers. Any session identification attribute is allowed for
CoA disconnect requests.
console#configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# authentication port-control auto
console(config-if)# authentication host-mode multi-auth
console(config-if)# exit
console(config)# radius server auth 1.1.1.1
console(config-auth-radius)#primary
console(config-auth-radius)#exit
console(config)# server auth 2.2.2.2
console(config-auth-radius)#exit
console(config)# server auth 3.3.3.3
console(config-auth-radius)#key “That’s your secret.”
console(config-auth-radius)#exit
console(config)# radius server key “Keep it. Keep it.”
console(config)# aaa server radius dynamic-author
console(config-radius-da)# client 3.3.3.3 server-key 0 “That’s your secret.”
console(config-radius-da)# client 4.4.4.4
console(config-radius-da)# client 5.5.5.5
console(config-radius-da)# server-key 0 “Keep it. Keep it.”
console(config-radius-da)# port 3799
console(config-radius-da)# auth-type any