Administrator Guide
252 Authentication, Authorization, and Accounting
console(config-auth-radius)#primary
console(config-auth-radius)#name “Default-RADIUS-Server”
console(config-auth-radius)#usage 802.1x
console(config-auth-radius)#key “dellSecret”
console(config)#exit
10
Configure the management interface and bypass 802.1x authentication for
the connected management host:
console(config)#interface Gi1/0/1
console(config-if-Gi1/0/1)#switchport access vlan 60
console(config-if-Gi1/0/1)#dot1x port-control force-authorized
console(config-if-Gi1/0/1)#ip access-group RADIUSCAP in 1
console(config)#exit
11
Configure a dedicated printer port. This ports is enabled for MAB only.
The VLAN is assigned by the RADIUS server:
console(config)#interface Gi1/0/21
console(config-if-Gi1/0/21)#switchport mode general
console(config-if-Gi1/0/21)#dot1x port-control mac-based
console(config-if-Gi1/0/21)#dot1x mac-auth-bypass
console(config-if-Gi1/0/21)#authentication order mab
console(config-if-Gi1/0/21)#authentication priority mab
console(config-if-Gi1/0/21)#exit
12
Configure a port for 802.1x access using MAB. This port will periodically
re-authenticate connected clients using the configured timer values. The
selected timer values are intended to reduce the time required to
authenticate:
console(config)#interface Gi1/0/22
console(config-if-Gi1/0/22)#switchport mode general
console(config-if-Gi1/0/22)#dot1x port-control mac-based
console(config-if-Gi1/0/22)#dot1x reauthentication
console(config-if-Gi1/0/22)#dot1x timeout quiet-period 10
console(config-if-Gi1/0/22)#dot1x timeout re-authperiod 300
console(config-if-Gi1/0/22)#dot1x timeout tx-period 7
console(config-if-Gi1/0/22)#dot1x timeout guest-vlan-period 5
console(config-if-Gi1/0/22)#dot1x timeout server-timeout 6
console(config-if-Gi1/0/22)#dot1x mac-auth-bypass
console(config-if-Gi1/0/22)#exit