Specify RADIUS as an authentication server. The following command configures the switch to use the configured RADIUS server to authenticate 802.1X-authentication or MAC-authentication clients.

device(config)# aaa authentication dot1x default radius

In the following example, the RADIUS server IP address is 10.20.64.208 and the shared key is "secret". The shared key should match the key given during client configuration on the RADIUS server. UDP port 1812 is used for RADIUS authentication messages, and UDP port 1813 is used for RADIUS accounting messages.

device(config)# radius-server host 10.20.64.208 auth-port 1812 acct-port 1813 default key secret dot1x mac-auth web-auth

Create a VLAN to use as the auth-default VLAN. This VLAN must be configured to enable authentication. When any port is enabled for 802.1X authentication or MAC authentication, the port is moved into this VLAN by default as a MAC VLAN member. Sometimes the RADIUS server may authenticate the client but not return VLAN information on where the client should be placed. The auth-default VLAN is used in this scenario.

device(config)# vlan 2 name auth-default-vlan

Create the VLANs that will be assigned to clients by RADIUS. This VLAN must be active in the Brocade switch. A VLAN is active when it has at least one untagged or tagged member port. In this example, VLAN 200 is made active by adding the unused port 2/1/12 as an untagged member.

device(config-vlan-200)# untagged ethernet 2/1/12
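One way to check a saved configuration against the prerequisites in this procedure, as an added example (not Brocade's or the page author's code). The sample text is constructed from the commands above; the "vlan 200" and "vlan 300" lines, the weak-key list and the 16-character minimum are assumptions.

```python
import re

# Constructed sample built from the commands above, typed without prompts.
# Assumed additions: the "vlan 200" line implied by the config-vlan-200
# prompt, and a "vlan 300" with no member ports to show the inactive case.
SAMPLE_CONFIG = """\
aaa authentication dot1x default radius
radius-server host 10.20.64.208 auth-port 1812 acct-port 1813 default key secret dot1x mac-auth web-auth
vlan 2 name auth-default-vlan
vlan 200
 untagged ethernet 2/1/12
vlan 300
"""

WEAK_KEYS = {"secret", "password", "radius"}  # assumed, illustrative list
MIN_KEY_LEN = 16                              # assumed local policy


def audit(config: str, radius_vlans: set[int]) -> list[str]:
    """Return findings; radius_vlans are the VLAN IDs RADIUS may assign."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    if "aaa authentication dot1x default radius" not in lines:
        findings.append("RADIUS is not the default dot1x authentication method")
    servers = [l for l in lines if l.startswith("radius-server host ")]
    if not servers:
        findings.append("no radius-server host configured")
    for line in servers:
        host = line.split()[2]
        key = re.search(r"\bkey (\S+)", line)
        if key is None:
            findings.append(f"{host}: no shared key")
        elif key.group(1).lower() in WEAK_KEYS or len(key.group(1)) < MIN_KEY_LEN:
            findings.append(f"{host}: shared key is short or guessable")
    # A VLAN is active only with at least one tagged or untagged member port.
    members, current = {}, None
    for line in lines:
        vlan = re.match(r"vlan (\d+)\b", line)
        if vlan:
            current = int(vlan.group(1))
            members.setdefault(current, 0)
        elif current is not None and re.match(r"\s+(un)?tagged\s", line):
            members[current] += 1
    for vid in sorted(radius_vlans):
        if vid not in members:
            findings.append(f"vlan {vid}: not defined")
        elif members[vid] == 0:
            findings.append(f"vlan {vid}: no member ports, so the VLAN is inactive")
    return findings
```

Run against the sample with VLANs 200 and 300 as the RADIUS-assigned set, it reports the guessable shared key and the inactive VLAN 300; the auth-default VLAN is not checked for member ports because ports join it when authentication is enabled on them.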