Users Guide

Authentication, Authorization, and Accounting 289
session can be issued by the RADIUS server. This means that if the
RADIUS server terminates the host session and subsequently refuses to
authorize the host, the host is denied access to the network:
console(config)#interface Gi1/0/7
console(config-if-Gi1/0/7)#authentication host-mode multi-auth
console(config-if-Gi1/0/7)#authentication order dot1x
console(config-if-Gi1/0/7)#exit
10. Configure Gi1/0/6 to allow connected hosts access to network resources,
regardless of RADIUS configuration. RADIUS CoA disconnect requests
are ignored for clients on this port:
console(config)#interface Gi1/0/6
console(config-if-Gi1/0/6)#authentication port-control force-authorized
console(config-if-Gi1/0/6)#exit
11. Configure Gi1/0/5 to use standard 802.1x port-based authentication. A
single authentication allows all hosts access to network resources.
console(config)#interface Gi1/0/5
console(config-if-Gi1/0/5)#dot1x port-control auto
console(config-if-Gi1/0/5)#exit
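
The three port configurations above differ in how much the RADIUS server controls access. The following is an added example, not part of the original guide or the vendor's tooling: a small Python check that reads interface stanzas and reports ports left force-authorized or in port-based mode. The function names, the sample text layout, and the rule that a port without a host-mode multi-auth line is port-based are assumptions made for the illustration.

```python
import re

# Constructed sample: the three interface stanzas from the steps above,
# written the way a saved configuration might list them (assumed layout).
SAMPLE_CONFIG = """\
interface Gi1/0/7
authentication host-mode multi-auth
authentication order dot1x
exit
interface Gi1/0/6
authentication port-control force-authorized
exit
interface Gi1/0/5
dot1x port-control auto
exit
"""

def classify(stanza):
    """Return findings for one interface stanza (a list of command lines)."""
    notes = []
    if any(l.endswith("port-control force-authorized") for l in stanza):
        notes.append("force-authorized: no authentication, CoA disconnect ignored")
    auto = any(l.endswith("port-control auto") for l in stanza)
    multi = "authentication host-mode multi-auth" in stanza
    # Assumption: 'auto' without a multi-auth line means port-based mode.
    if auto and not multi:
        notes.append("port-based: one authentication admits every host on the port")
    return notes

def audit_ports(config_text):
    """Map interface name -> findings; ports with no findings are omitted."""
    findings, port, stanza = {}, None, []
    # The trailing "exit" flushes a final stanza that was not closed.
    for line in [l.strip() for l in config_text.splitlines()] + ["exit"]:
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if (m or line == "exit") and port:
            notes = classify(stanza)
            if notes:
                findings[port] = notes
            port = None
        if m:
            port, stanza = m.group(1), []
        elif port:
            stanza.append(line)
    return findings

if __name__ == "__main__":
    for name, notes in audit_ports(SAMPLE_CONFIG).items():
        print(name, "->", "; ".join(notes))
```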
Configure RADIUS Server Load Balancing
The following example configures multiple RADIUS servers in a load
balancing configuration.
1. Enable 802.1x:
console#config
console(config)#dot1x system-auth-control
console(config)#authentication enable
2. Configure 802.1x clients to use RADIUS services:
console(config)#aaa authentication dot1x default radius
3. Configure the first RADIUS server for host authentication/network access
located at 10.130.191.89 with a shared secret. The name command is
optional in this configuration as it uses the default RADIUS group. This
server will be the primary RADIUS server:
console(config)#radius server auth 10.130.191.89
console(config-auth-radius)#name Default-RADIUS-Server
console(config-auth-radius)#primary
console(config-auth-radius)#key "shared secret"
console(config-auth-radius)#exit