Administrator Guide
Security Commands 987
•
7
—An encrypted key is to be entered.
•
string
—The shared secret string. The maximum length is 256 characters.
Enclose in quotes to use special characters or embedded blanks.
Default Configuration
By default, no global server key is configured.
Command Modes
Dynamic Radius Configuration
User Guidelines
Only one global server key may be defined. Use the server-key parameter in
the client command to configure a unique server key for each client.
Command History
Introduced in version 6.2.0.1 firmware.
Example
The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and
3.3.3.3. It sets the front panel ports to use 802.1x MAC-based authentication.
CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using
a global shared secret and a third server 3.3.3.3 using a server specific shared
secret. CoA and disconnect requests are accepted from these servers. Any
authentication type is allowed for CoA and disconnect requests.
console#configure terminal
console(config)# aaa new-model
console(config)# aaa authentication dot1x default radius
console(config)# dot1x system-auth-control
console(config)# interface range gi1/0/1-24
console(config-if)# dot1x port-control mac-based
console(config-if)# exit
console(config)# radius-server host 1.1.1.1
console(Config-radius)#primary
console(Config-radius)#exit
console(config)# radius-server host 2.2.2.2
console(Config-radius)#exit
console(config)# radius-server host 3.3.3.3
console(Config-radius)#key “That’s your secret.”
2CSNXXX_SWUM204.book Page 987 Monday, January 25, 2016 1:25 PM