ACCESS USING RADIUS

CHAPTER 7: ACCESS USING RADIUS

7.2Configuring 802.1x through the Command Line Interface

7.2.1Commands

On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs to be manually authenticated. To authenticate the port, use the setport command. The CLI commands to configure and perform authentication with a RADIUS server are described below.

The auth command enters the configuration mode to configure the 802.1x parameters.

auth

The show auth command displays the 802.1x configuration or port status.

show auth <configports>

The authserver command define the RADIUS server. Use the UDP socket number if the

RADIUS authentication is on a port other than 1812.

authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>]

The auth enable and auth disable commands enable or disable the 802.1x authenticator function on the MultiLink ML1200 Managed Field Switch.

auth <enabledisable>

The setport command configures the port characteristics for an 802.1x network.

setport port=<numlistrange> [status=<enabledisable>] [control=<autoforceauthforceunauth>] [initialize=<assertdeassert>]

The backend port command configure the parameters for EAP over RADIUS.

backend port=<numlistrange> [supptimeout=<1-240>] [servertimeout=<1-240] [maxreq=<1-10>]

The port argument is mandatory and represents the port(s) to be configured. The supptimeout argument is optional and represents the timeout in seconds the authenticator waits for the supplicant to respond back. The default value is 30 seconds and values can range from 1 to 240 seconds. The servertimeout argument is optional and represents the timeout in seconds the authenticator waits for the back-end RADIUS server to respond. The default value is 30 seconds and can range from 1 to 240 seconds. The maxreq argument is optional and represents the maximum number of times the authenticator will retransmit an EAP request packet to the Supplicant before it times out the authentication session. Its default value is 2 and can be set to any integer value from 1 to 10.

The portaccess command sets port access parameters for authenticating PCs or supplicants.

portaccess port=<numlistrange>

[quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>]

The port argument is mandatory and identifies the ports to be configured. The quiet argument is optional and represents the quiet period – the amount of time, in seconds, the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection. The default value is 60 seconds and values can range from 0 to 65535 seconds. The maxreauth argument is optional and represents the number of re- authentication attempts permitted before the port is unauthorized. The default value is 2

7–4

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

Page 127 Page 129
Page 128
Image 128
GE ML1200 Configuring 802.1x through the Command Line Interface, Show auth configports, Auth enabledisable
Page 127 Page 129
Top Page Image Contents