radius = remote authentication dial in user service...
the first question one should ask is, do user's actually dial in anymore?
at any rate...
enable aaa new-model as you would for tacacs
aaa new-model
then the radius server
radius-server host (hostname) (key)
define the 802.1x authentication method
aaa authentication dot1x default group radius
enable 802.1x on the switch
dot1x system-auth-control
configure each switchport for usage
(config-if)# dot1x port-control {force-authorized | forceunauthorized
| auto}
| auto}
then sit back and try to figure out why you'd ever use this garbage...
No comments:
Post a Comment