Cisco Systems 3560X Manual De Usuario
10-37
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 10 Configuring Switch-Based Authentication
Controlling Switch Access with RADIUS
As mentioned earlier, to configure RADIUS (whether vendor-proprietary or IETF draft-compliant), you
must specify the host running the RADIUS server daemon and the secret text string it shares with the
switch. You specify the RADIUS host and secret text string by using the radius-server global
configuration commands.
must specify the host running the RADIUS server daemon and the secret text string it shares with the
switch. You specify the RADIUS host and secret text string by using the radius-server global
configuration commands.
Beginning in privileged EXEC mode, follow these steps to specify a vendor-proprietary RADIUS server
host and a shared secret text string:
host and a shared secret text string:
To delete the vendor-proprietary RADIUS host, use the no radius-server host {hostname | ip-address}
non-standard
non-standard
global configuration command. To disable the key, use the no radius-server key global
configuration command.
This example shows how to specify a vendor-proprietary RADIUS host and to use a secret key of rad124
between the switch and the server:
between the switch and the server:
Switch(config)# radius-server host 172.20.30.15 nonstandard
Switch(config)# radius-server key rad124
Configuring CoA on the Switch
Beginning in privileged EXEC mode, follow these steps to configure CoA on a switch. This procedure
is required.
is required.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
radius-server host
{hostname | ip-address} non-standard Specify the IP address or hostname of the remote
RADIUS server host and identify that it is using a
vendor-proprietary implementation of RADIUS.
vendor-proprietary implementation of RADIUS.
Step 3
radius-server key
string
Specify the shared secret text string used between the
switch and the vendor-proprietary RADIUS server.
The switch and the RADIUS server use this text
string to encrypt passwords and exchange responses.
switch and the vendor-proprietary RADIUS server.
The switch and the RADIUS server use this text
string to encrypt passwords and exchange responses.
Note
The key is a text string that must match the
encryption key used on the RADIUS server.
Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use
spaces in your key, do not enclose the key in
quotation marks unless the quotation marks
are part of the key.
encryption key used on the RADIUS server.
Leading spaces are ignored, but spaces within
and at the end of the key are used. If you use
spaces in your key, do not enclose the key in
quotation marks unless the quotation marks
are part of the key.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
Verify your settings.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
aaa new-model
Enable AAA.
Step 3
aaa server radius dynamic-author
Configure the switch as an authentication, authorization, and accounting
(AAA) server to facilitate interaction with an external policy server.
(AAA) server to facilitate interaction with an external policy server.