How to Configure 802.1x Port-Based Authentication
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
DETAILED STEPS

Step 1
Command or Action: configure terminal
Example:
Switch# configure terminal
Purpose: Enters the global configuration mode.

Step 2
Command or Action: aaa new-model
Example:
Switch(config)# aaa new-model
Purpose: Enables AAA.

Step 3
Command or Action: radius-server dead-criteria {time seconds} [tries number]
Example:
Switch(config)# radius-server dead-criteria time 20 tries 10
Purpose: Sets the conditions that determine when a RADIUS server is considered unavailable or down (dead).
• time—1 to 120 seconds. The switch dynamically determines a default seconds value between 10 and 60.
• number—1 to 100 tries. The switch dynamically determines a default tries number between 10 and 100.

Step 4
Command or Action: radius-server deadtime minutes
Example:
Switch(config)# radius-server deadtime 60
Purpose: (Optional) Sets the number of minutes during which a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.

Step 5
Command or Action: radius-server host ip-address address [acct-port udp-port] [auth-port udp-port] [test username name [idle-time time] [ignore-acct-port] [ignore-auth-port]] [key string]
Example:
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234
Purpose: (Optional) Configure the RADIUS server parameters by using these keywords:
• acct-port udp-port—Specify the UDP port for the RADIUS accounting server. The range for the UDP port number is from 0 to 65536. The default is 1646.
• auth-port udp-port—Specify the UDP port for the RADIUS authentication server. The range for the UDP port number is from 0 to 65536. The default is 1645.
Note: You should configure the UDP port for the RADIUS accounting server and the UDP port for the RADIUS authentication server to nondefault values.
• test username name—Enable automated testing of the RADIUS server status, and specify the username to be used.
• idle-time time—Set the interval of time in minutes after which the switch sends test packets to the server. The range is from 1 to 35791 minutes. The default is 60 minutes (1 hour).
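The following is an added example, not part of the Cisco guide: a small Python check that can be run over a configuration template before it is pushed, flagging radius-server values outside the ranges stated in steps 3 to 5 and hosts still using the default UDP ports that the Note advises changing. The function names and the sample configuration (including the 192.0.2.10 host and its key) are constructed for illustration.

```python
import re

# Limits as stated in steps 3-5 above: keyword -> (min, max).
LIMITS = {"time": (1, 120), "tries": (1, 100),
          "deadtime": (0, 1440), "idle-time": (1, 35791)}
# Default UDP ports that the Note in step 5 says to move away from.
DEFAULT_PORTS = {"auth-port": 1645, "acct-port": 1646}
# Which numeric keywords are checked on which radius-server command.
COMMANDS = {"dead-criteria": ("time", "tries"),
            "deadtime": ("deadtime",),
            "host": ("idle-time",)}

# Constructed sample: lines 2-4 are the guide's own examples, 5-6 are bad on purpose.
SAMPLE_CONFIG = """\
aaa new-model
radius-server dead-criteria time 20 tries 10
radius-server deadtime 60
radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234
radius-server dead-criteria time 300 tries 5
radius-server host 192.0.2.10 auth-port 1645 test username probe idle-time 0 key EXAMPLE
"""


def _value(line, keyword):
    """Return the integer after a standalone keyword, or None if absent."""
    # The lookbehind keeps 'acct-port' from matching inside 'ignore-acct-port'.
    m = re.search(rf"(?<![\w-]){re.escape(keyword)} (\d+)", line)
    return int(m.group(1)) if m else None


def audit_radius_config(config_text):
    """Return (line_number, message) findings for radius-server lines."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if len(words) < 2 or words[0] != "radius-server":
            continue
        line = " ".join(words)  # normalise whitespace before matching
        for kw in COMMANDS.get(words[1], ()):
            value = _value(line, kw)
            lo, hi = LIMITS[kw]
            if value is not None and not lo <= value <= hi:
                findings.append((lineno, f"{kw} {value} outside {lo}-{hi}"))
        if words[1] == "host":
            for kw, default in DEFAULT_PORTS.items():
                port = _value(line, kw)
                if port is None or port == default:  # omitted means default
                    findings.append((lineno, f"{kw} left at default {default}"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_radius_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```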