Dot1x authentication

From Teknologisk videncenter
Revision as of 11:29, 23 February 2011 by SFarsø (talk | contribs)
Jump to: navigation, search

Denne side indeholder en radius dot1x opsætning, i mellem en server 2008 med network policy server og Cisco 2960 switch.


Cisco 2960 opsætning:

Global commands:

aaa new-model
dot1x system-auth-control
radius-server host 172.16.3.10 auth-port 1812 acct-port 1813 key cisco
aaa group server radius access
server 172.16.3.10 auth-port 1812 acct-port 1813
ip radius source-interface Vlan49

For Switch login:

config mode:

aaa authentication login networkacces group radius local enable
aaa authorization exec default group access if-authenticated
line VTY 0 15
login authentication networkacces

For port authentication:

config mode:

aaa authentication dot1x default group radius local
aaa authorization network default group radius
interface FastEthernet0/23
authentication port-control auto
dot1x pae authenticator

Hvis der bruges en ældre switch så kan kommandoen til interfacet være dot1x port-control auto