Configuring Coa On The Switch - Cisco Catalyst 2960 Software Configuration Manual
Hide thumbs
Also See for Catalyst 2960:
- Configuration manual (2288 pages) ,
- Command reference manual (800 pages) ,
- Hardware installation manual (108 pages)
Table of Contents
Advertisement
Chapter 9
Configuring Switch-Based Authentication
Command
Step 3
radius-server key string
Step 4
end
Step 5
show running-config
Step 6
copy running-config startup-config
To delete the vendor-proprietary RADIUS host, use the no radius-server host {hostname | ip-address}
non-standard global configuration command. To disable the key, use the no radius-server key global
configuration command.
This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124
between the switch and the server:
Switch(config)# radius-server host 172.20.30.15 nonstandard
Switch(config)# radius-server key rad124
Configuring CoA on the Switch
Beginning in privileged EXEC mode, follow these steps to configure CoA on a switch. This procedure
is required.
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa server radius dynamic-author
Step 4
client {ip-address | name} [vrf vrfname]
[server-key string]
Step 5
server-key [0 | 7] string
Step 6
port port-number
Step 7
auth-type {any | all | session-key}
OL-26520-01
Purpose
Specify the shared secret text string used between the
switch and the vendor-proprietary RADIUS server.
The switch and the RADIUS server use this text
string to encrypt passwords and exchange responses.
Note
Return to privileged EXEC mode.
Verify your settings.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
Enable AAA.
Configure the switch as an authentication, authorization, and accounting
(AAA) server to facilitate interaction with an external policy server.
Enter dynamic authorization local server configuration mode and specify
a RADIUS client from which a device will accept CoA and disconnect
requests.
Configure the RADIUS key to be shared between a device and RADIUS
clients.
Specify the port on which a device listens for RADIUS requests from
configured RADIUS clients.
Specify the type of authorization the switch uses for RADIUS clients.
The client must match all the configured attributes for authorization.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Controlling Switch Access with RADIUS
The key is a text string that must match the
encryption key used on the RADIUS server.
Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use
spaces in your key, do not enclose the key in
quotation marks unless the quotation marks
are part of the key.
9-39
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
