Difference between revisions of "Dot1x authentication"
From Teknologisk videncenter
| Line 3: | Line 3: | ||
---- | ---- | ||
| − | Cisco opsætning: | + | Cisco 2960 opsætning: |
| + | |||
Global commands: | Global commands: | ||
aaa new-model | aaa new-model | ||
| Line 14: | Line 15: | ||
For Switch login: | For Switch login: | ||
| + | |||
config mode: | config mode: | ||
aaa authentication login networkacces group radius local enable | aaa authentication login networkacces group radius local enable | ||
| Line 22: | Line 24: | ||
For port authentication: | For port authentication: | ||
| + | |||
config mode: | config mode: | ||
aaa authentication dot1x default group radius local | aaa authentication dot1x default group radius local | ||
Revision as of 12:29, 23 February 2011
Denne side indeholder en radius dot1x opsætning, i mellem en server 2008 med network policy server og Cisco 2960 switch.
Cisco 2960 opsætning:
Global commands:
aaa new-model dot1x system-auth-control radius-server host 172.16.3.10 auth-port 1812 acct-port 1813 key cisco
aaa group server radius access server 172.16.3.10 auth-port 1812 acct-port 1813 ip radius source-interface Vlan49
For Switch login:
config mode:
aaa authentication login networkacces group radius local enable aaa authorization exec default group access if-authenticated
line VTY 0 15 login authentication networkacces
For port authentication:
config mode:
aaa authentication dot1x default group radius local aaa authorization network default group radius
interface FastEthernet0/23 authentication port-control auto dot1x pae authenticator
Hvis der bruges en ældre switch så kan kommandoen til interfacet være dot1x port-control auto