Enabling 802.1X Accounting - Cisco 4500M Software Manual

How to Configure 802.1X
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server. The
first command specifies port 1612 as the authorization port and sets the encryption key to rad123. The
second command dictates that key matches will be performed on the RADIUS server:
Switch(config)# radius-server host 172.20.39.46 auth-port 1612 key rad123
Switch(config)# ip radius source-interface m/p
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands.
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch.
Refer to the following Cisco IOS security documentation for information on how to configure AAA
system accounting:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/index.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm

Enabling 802.1X Accounting

If you plan to implement system-wide accounting, you should also configure 802.1X accounting.
Note: You also need to inform the accounting server of the system reload event when the system is
reloaded. Doing this ensures that the accounting server knows that all outstanding 802.1X sessions on
this system are closed.
Once you configure 802.1X authentication and switch-to-RADIUS server communication, perform this
task to enable 802.1X accounting:

Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# aaa accounting dot1x default start-stop group radius
Purpose: Enables 802.1X accounting, using the list of all RADIUS servers.

Step 3
Command: Switch(config)# clock timezone PST -8
Purpose: Sets the time zone for the accounting event-time stamp field.

Step 4
Command: Switch(config)# clock calendar-valid
Purpose: Enables the date for the accounting event-time stamp field.

Step 5
Command: Switch(config)# aaa accounting system default start-stop group radius
Purpose: (Optional) Enables system accounting (using the list of all RADIUS servers) and generates
system accounting reload event messages when the switch reloads.

Step 6
Command: Switch(config)# end
Purpose: Returns to privileged EXEC mode.

Step 7
Command: Switch# show running-config
Purpose: Verifies your entries.

Step 8
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

Software Configuration Guide—Release 12.2(25)EW
Chapter 31
Understanding and Configuring 802.1X Port-Based Authentication
OL-6696-01
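
The verification in Step 7 can be scripted. The following is an added example, not code from the Cisco guide: it scans saved show running-config text for the lines the accounting procedure above enters and reports what each missing line costs. The function name audit, the check table, and the sample configuration are assumptions made for illustration.

```python
import re

# (pattern, command as entered in the procedure, level, effect when absent)
CHECKS = [
    (r"aaa accounting dot1x default start-stop group radius$",
     "aaa accounting dot1x default start-stop group radius", "required",
     "no 802.1X accounting records are sent"),
    (r"clock timezone \S+ -?\d+",
     "clock timezone", "required",
     "event-time stamp field has no configured time zone"),
    (r"clock calendar-valid$",
     "clock calendar-valid", "required",
     "date is not enabled for the event-time stamp field"),
    (r"aaa accounting system default start-stop group radius$",
     "aaa accounting system default start-stop group radius", "optional",
     "no reload event is sent, so the server cannot close outstanding sessions"),
    (r"radius-server host \S+",
     "radius-server host", "required",
     "'group radius' has no RADIUS server to send records to"),
]

def audit(running_config):
    """Return (level, command, effect) for each expected line that is absent."""
    # Collapse indentation and repeated spaces so matching is layout-independent.
    lines = [" ".join(line.split()) for line in running_config.splitlines()]
    findings = []
    for pattern, command, level, effect in CHECKS:
        # re.match anchors at line start, so a negated "no ..." form never counts.
        if not any(re.match(pattern, line) for line in lines):
            findings.append((level, command, effect))
    return findings

# Constructed sample, not output captured from a real switch.
SAMPLE = """\
hostname Switch
!
aaa accounting dot1x default start-stop group radius
clock timezone PST -8
radius-server host 172.20.39.46 auth-port 1612 key rad123
"""

if __name__ == "__main__":
    for level, command, effect in audit(SAMPLE):
        print(f"[{level}] missing '{command}': {effect}")
```
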
