Contents
viii
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Configuring RADIUS 7-20
Default RADIUS Configuration 7-20
Identifying the RADIUS Server Host 7-20
Configuring RADIUS Login Authentication 7-23
Defining AAA Server Groups 7-25
Configuring RADIUS Authorization for User Privileged Access and Network Services 7-27
Starting RADIUS Accounting 7-28
Configuring Settings for All RADIUS Servers 7-29
Configuring the Switch to Use Vendor-Specific RADIUS Attributes 7-29
Configuring the Switch for Vendor-Proprietary RADIUS Server Communication 7-31
Displaying the RADIUS Configuration 7-31
Controlling Switch Access with Kerberos 7-32
Understanding Kerberos 7-32
Kerberos Operation 7-34
Authenticating to a Boundary Switch 7-35
Obtaining a TGT from a KDC 7-35
Authenticating to Network Services 7-35
Configuring Kerberos 7-36
Configuring the Switch for Local Authentication and Authorization 7-36
Configuring the Switch for Secure Shell 7-37
Understanding SSH 7-38
SSH Servers, Integrated Clients, and Su pported Versions 7-38
Limitations 7-38
Configuring SSH 7-39
Configuration Guidelines 7-39
Setting Up the Switch to Run SSH 7-39
Configuring the SSH Server 7-40
Displaying the SSH Configuration and Status 7-41
CHAPTER
8Configuring IEEE 802.1x Port-Based Authentication 8-1
Understanding IEEE 802.1x Port-Based Authentication 8-1
Device Roles 8-2
Authentication Initiation and Message Exchange 8-3
Ports in Authorized and Unauthorized States 8-4
IEEE 802.1x Accounting 8-5
IEEE 802.1x Accounting Attribute-Value Pairs 8-5
IEEE 802.1x Host Mode 8-6
Using IEEE 802.1x with Port Security 8-7
Using IEEE 802.1x with VLAN Assignment 8-8