Administrator Guide

Security Commands 875
authentication type is allowed for CoA and disconnect requests. In this
example, the NAS-IP-Address is optionally set to the fixed IPv4
address of 3.3.3.3. CoA client 5.5.5.5 uses the global server key while client
4.4.4.4 uses a client-specific server key.
console#configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# dot1x port-control mac-based
console(config-if)# exit
console(config)# radius-server host 1.1.1.1
console(Config-radius)#primary
console(Config-radius)#exit
console(config)# radius-server host 2.2.2.2
console(Config-radius)#exit
console(config)# radius-server host 3.3.3.3
console(Config-radius)#key "That's your secret."
console(Config-radius)#exit
console(config)# radius-server key "Keep it. Keep it."
console(config)# aaa server radius dynamic-author
console(config-radius-da)# client 4.4.4.4 server-key 0 "That's your secret."
console(config-radius-da)# client 5.5.5.5
console(config-radius-da)# server-key 0 "Keep it. Keep it."
console(config-radius-da)# port 3799
console(config-radius-da)# auth-type any
console(config-radius-da)# exit
console(config)#radius-server attribute 4 3.3.3.3
console(config)#dot1x system-auth-control
console(config)#dot1x initialize
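The following Python example is added here and is not part of the original guide or the switch software. It shows how a receiver of CoA and disconnect requests on port 3799 checks the RFC 5176 Request Authenticator, using the client-specific key for 4.4.4.4 and the global server key for 5.5.5.5 from the configuration above. The lookup table, function names and the sample User-Name attribute are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Keys copied from the configuration example; the lookup logic is an assumption
# about how a dynamic-author listener selects a key (None -> global server key).
GLOBAL_KEY = b"Keep it. Keep it."
CLIENT_KEYS = {"4.4.4.4": b"That's your secret.", "5.5.5.5": None}
COA_CODES = {40: "Disconnect-Request", 43: "CoA-Request"}


def request_authenticator(code, ident, attrs, secret):
    """RFC 5176: MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_request(code, ident, attrs, secret):
    """Construct a sample request packet (used only to generate test input)."""
    auth = request_authenticator(code, ident, attrs, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def validate(packet, src_ip):
    """Return (accepted, reason) for a datagram received on UDP port 3799."""
    if src_ip not in CLIENT_KEYS:
        return False, "unknown client"
    if len(packet) < 20:
        return False, "short packet"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in COA_CODES:
        return False, "unexpected code"
    if length < 20 or length > len(packet):
        return False, "bad length"
    secret = CLIENT_KEYS[src_ip] or GLOBAL_KEY
    expected = request_authenticator(code, ident, packet[20:length], secret)
    # Constant-time comparison of the computed and received authenticators.
    if not hmac.compare_digest(expected, packet[4:20]):
        return False, "bad authenticator"
    return True, COA_CODES[code]


# Constructed sample attribute: User-Name (type 1), value "alice".
ATTRS = bytes([1, 7]) + b"alice"

if __name__ == "__main__":
    pkt = build_request(43, 1, ATTRS, GLOBAL_KEY)
    print(validate(pkt, "5.5.5.5"))  # request signed with the global key
    print(validate(pkt, "4.4.4.4"))  # same packet checked against the client key
```

A request signed with the global key is accepted only when it arrives from 5.5.5.5; the same packet from 4.4.4.4 fails because that client is checked against its own key.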
authentication enable
Use this command to globally enable the Authentication Manager. Interface
configuration set with the authentication order command takes effect only if
the Authentication Manager is enabled.
Use the no form of this command to disable the Authentication Manager.
Syntax
authentication enable
no authentication enable