9-42
Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Configuring Web Authentication
Beginning in privileged EXEC mode, follow these steps to configure authentication, authorization,
accounting (AAA) and RADIUS on a switch before configuring web au the ntica tion. T he st eps e nabl e
AAA by using RADIUS authentication and enable device tracking.
This example shows how to enable AAA, use RADIUS authentication and enable device tracking:
Switch(config) configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa authentication login default group radius
Switch(config)# aaa authorization auth-proxy default group radius
Switch(config)# radius-server host 1.1.1.2 key key1
Switch(config)# radius-server attribute 8 include-in-access-req
Switch(config)# radius-server vsa send authentication
Switch(config)# ip device tracking
Switch(config) end
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 aaa new-model Enable AAA.
Step3 aaa authentication login default group
radius Use RADIUS authentication. Before you can use this authentication
method, you must configure the RADIUS server. For more
information, see Chapter 7, “Configuring Switch-Based
Authentication.”
The console prompts you for a username and password on future
attempts to access the switch console after entering the aaa
authentication login command. If you do not want to be prompted for
a username and password, configure a second login authentication
list:
Switch# configure terminal
Switch(config)# aaa authentication login line-console none
Switch(config)# line console 0
Switch(config-line)# login authentication line-console
Switch(config-line)# end
Step4 aaa authorization auth-proxy default
group radius Use RADIUS for authentication-proxy (auth-proxy) authorization.
Step5 radius-server host key radius-key Specify the authentication and encryption key for RADIUS
communication between the switch and the RADIUS daemon.
Step6 radius-server attribute 8
include-in-access-req Configure the switch to send the Framed-IP-Address RADIUS
attribute (Attribute[8]) in access-request or accounting-request
packets.
Step7 radius-server vsa send authentication Configure the network access server to recognize and use
vendor-specific attributes (VSAs).
Step8 ip device tracking Enable the IP device tracking table.
To disable the IP device t rac king table, use the no ip device tracking
global configuration commands.
Step9 end Return to privileged EXEC mode.