UMN:CLI

User Manual

 

SURPASS hiD 6615 S223/S323 R1.5

 

 

 

i

After default server is designated, all requests start from the RADIUS server. If there’s no response from default server again, the authentication request is tried for RADIUS server designated as next one.

To configure IP address of RADIUS server and key value, use the following command.

Command

 

Mode

Description

 

 

 

 

 

 

 

Registers RADIUS server with key value and UDP port

dot1x radius-server host

{IP-

 

of radius server.

 

IP-ADDRESS: Ip address of radius server

ADDRESS NAME} auth-port<0-

 

 

NAME: host name

65535> key KEY

 

 

 

 

0-65535: UDP port number

 

 

Global

 

 

KEY: the value of key

 

 

 

 

 

 

 

dot1x radius-server host

{IP-

 

Configures IP address of RADIUS server and key

ADDRESS NAME} key KEY

 

 

value.

 

 

 

no dot1x radius-server host {IP-

 

Deletes a registered RADIUS server.

ADDRESS NAME}

 

 

 

 

 

 

 

 

 

You can designate up to 5 RADIUS servers as authenticator.

The key is authentication information between the authenticator and RADIUS server. The authenticator and RADIUS server must have a same key value, and you can use alpha- betic characters and numbers for the key value. The space or special character is not al- lowed.

You can configure the priority for the radius server that have configured by user.

Command

Mode

Description

 

 

 

dot1x radius-server move {IP-

 

Configures the priority of radius server.

ADDRESS NAME} priority PRI-

Global

IP-ADDRESS: Ip address of radius server

ORITY

 

NAME: host name

 

 

 

4.5.1.3Configuring Authentication Mode

You can change the authentication mode from the port-based to the MAC-based. To change the authentication mode, use the following command.

Command

 

Mode

Description

 

 

 

 

dot1x auth-mode

mac-base

 

Sets the authentication mode to the MAC-based.

PORTS

 

 

 

Global

 

 

 

 

no dot1x auth-mode mac-base

Restores the authentication mode to the port-based.

 

PORTS

 

 

 

 

 

 

 

 

 

i

Before setting the authentication mode to the MAC-based, you need to set a MAC filtering policy to deny them for all the Ethernet ports. To configure a MAC filtering policy, see Sec- tion 7.12.1

66

A50010-Y3-C150-2-7619

Page 66
Image 66
Siemens S323, S223 user manual Configuring Authentication Mode, Dot1x radius-server host