Users Guide

282 Authentication, Authorization, and Accounting
console(config-if-Gi1/0/22)#authentication order dot1x mab
console(config-if-Gi1/0/22)#exit
Combined RADIUS, CoA, MAB and 802.1x Example
The following example configures RADIUS in conjunction with IEEE 802.1X
to provide network access to switch clients.
1. Enable 802.1x:
console#config
console(config)#dot1x system-auth-control
console(config)#authentication enable
2. Configure 802.1x clients to use RADIUS services:
console(config)#aaa authentication dot1x default radius
3. Enable CoA for RADIUS:
console(config)#aaa server radius dynamic-author
4. Configure the remote RADIUS server for CoA requests at 10.130.191.89
with “shared secret” as the key:
console(config-radius-da)#client 10.130.191.89 server-key "shared secret"
5. Specify that any CoA request with a matching key identifies a client:
console(config-radius-da)#auth-type any
console(config-radius-da)#exit
6. Configure a group of RADIUS clients (switches) to appear as a single large
RADIUS client (by using the same NAS-IP-Address):
console(config)#radius server attribute 4 10.130.65.4
7. Specify that the RADIUS server for host authentication/network access is
located at 10.130.191.89:
console(config)#radius server auth 10.130.191.89
console(config-auth-radius)#name Default-RADIUS-Server
8. Configure the RADIUS shared secret as “shared secret”:
console(config-auth-radius)#key "shared secret"
console(config-auth-radius)#exit
9. Configure Gi1/0/7 to use multi-auth host authentication. This allows
multiple hosts sharing the same network port to be individually allowed or
denied access to network resources. CoA requests to terminate a host