Catalyst 3750 Switch Software Configuration Guide
OL-8550-09
Chapter 9 Configuring Switch-Based Authentication

Monitoring and Troubleshooting CoA Functionality

Use these Cisco IOS commands to monitor and troubleshoot CoA functionality on the switch:
debug radius
debug aaa coa
debug aaa pod
debug aaa subsys
debug cmdhd [detail | error | events]
show aaa attributes protocol radius

Configuring RADIUS Server Load Balancing

This feature allows access and authentication requests to be distributed evenly across all RADIUS servers
in a server group. For more information, see the “RADIUS Server Load Balancing” chapter of the
“Cisco IOS Security Configuration Guide”, Release 12.2:
http://www.ciscosystems.com/en/US/docs/ios/12_2sb/feature/guide/sbrdldbl.html

Displaying the RADIUS Configuration

To display the RADIUS configuration, use the show running-config privileged EXEC command.

Controlling Switch Access with Kerberos

This section describes how to enable and configure the Kerberos security system, which authenticates
requests for network resources by using a trusted third party. To use this feature, the cryptographic
version of the switch software (that is, the version that supports encryption) must be installed on your switch.
You must obtain authorization to use this feature and to download the cryptographic software files from
Cisco.com. For more information, see the release notes for this release.

These sections contain this information:
Understanding Kerberos, page 9-41
Kerberos Operation, page 9-43
Configuring Kerberos, page 9-44

For Kerberos configuration examples, see the “Kerberos Configuration Examples” section in the
“Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.2:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/fsecur_c.html

For complete syntax and usage information for the commands used in this section, see the “Kerberos
Commands” section in the “Security Server Protocols” chapter of the Cisco IOS Security Command
Reference, Release 12.2:
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/fsecur_r.html

Note: In the Kerberos configuration examples and in the Cisco IOS Security Command Reference,
Release 12.2, the trusted third party can be a Catalyst 3750 switch that supports Kerberos, that is
configured as a network security server, and that can authenticate users by using the Kerberos protocol.