Difference between revisions of "Dot1x authentication"
From Teknologisk videncenter
(New page: Denne side indeholder en radius dot1x opsætning, i mellem en server 2008 med network policy server og Cisco 2960 switch. ---- Cisco opsætning: **********Global commands********** aaa n...) |
|||
| Line 4: | Line 4: | ||
Cisco opsætning: | Cisco opsætning: | ||
| − | + | Global commands: | |
| − | aaa new-model | + | aaa new-model |
| − | dot1x system-auth-control | + | dot1x system-auth-control |
| − | radius-server host 172.16.3.10 auth-port 1812 acct-port 1813 key cisco | + | radius-server host 172.16.3.10 auth-port 1812 acct-port 1813 key cisco |
| − | aaa group server radius access | + | aaa group server radius access |
server 172.16.3.10 auth-port 1812 acct-port 1813 | server 172.16.3.10 auth-port 1812 acct-port 1813 | ||
ip radius source-interface Vlan49 | ip radius source-interface Vlan49 | ||
| − | + | For Switch login: | |
config mode: | config mode: | ||
| − | aaa authentication login networkacces group radius local enable | + | aaa authentication login networkacces group radius local enable |
| − | aaa authorization exec default group access if-authenticated | + | aaa authorization exec default group access if-authenticated |
| − | line VTY 0 15 | + | line VTY 0 15 |
| − | login authentication networkacces | + | login authentication networkacces |
| − | + | For port authentication: | |
config mode: | config mode: | ||
| − | aaa authentication dot1x default group radius local | + | aaa authentication dot1x default group radius local |
| − | aaa authorization network default group radius | + | aaa authorization network default group radius |
| − | interface FastEthernet0/23 | + | interface FastEthernet0/23 |
authentication port-control auto | authentication port-control auto | ||
dot1x pae authenticator | dot1x pae authenticator | ||
Hvis der bruges en ældre switch så kan kommandoen til interfacet være dot1x port-control auto | Hvis der bruges en ældre switch så kan kommandoen til interfacet være dot1x port-control auto | ||
Revision as of 11:27, 23 February 2011
Denne side indeholder en radius dot1x opsætning, i mellem en server 2008 med network policy server og Cisco 2960 switch.
Cisco opsætning: Global commands:
aaa new-model dot1x system-auth-control radius-server host 172.16.3.10 auth-port 1812 acct-port 1813 key cisco
aaa group server radius access server 172.16.3.10 auth-port 1812 acct-port 1813 ip radius source-interface Vlan49
For Switch login: config mode:
aaa authentication login networkacces group radius local enable aaa authorization exec default group access if-authenticated
line VTY 0 15 login authentication networkacces
For port authentication: config mode:
aaa authentication dot1x default group radius local aaa authorization network default group radius
interface FastEthernet0/23 authentication port-control auto dot1x pae authenticator
Hvis der bruges en ældre switch så kan kommandoen til interfacet være dot1x port-control auto