Reset Search
 

 

Article

200 series How to configure Radius for Dot1x

« Go Back

Information

 
Title200 series How to configure Radius for Dot1x
Question
How to configure the 200 series for RADIUS authentication with dot1x?
Environment
  • 200 series
  • 802.1x/dot1x
  • RADIUS
Answer
In the CLI, it should look similar to this:
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius --> in the web GUI this is on the aaa tab
authorization network radius
radius server host auth "10.58.155.254" name "Default-RADIUS-Server"
radius server key auth "10.58.155.254" encrypted 8f1aaf7b726fd23c4051e67a37b6b7fcab11d53b9243ee7a06ce730129d0a85ee8b806ab2860fe879a93d1d88ce9b30aa208934495ddb901ffdf92bd51b7a909
radius server primary "10.58.155.254"
radius server attribute 4 10.58.1.220 --> This is the source interface on the switch through which RADIUS server is reachable
line console
exit

The uplink should be set to forced authentication:
interface 0/48
dot1x port-control force-authorized
exit

Ports to run Dot1x should have this:
interface 0/1
authentication order  dot1x
authentication priority  dot1x
exit
Additional notes
For dynamic VLAN creation, see the following article -
How to enable dynamic VLAN creation in 200 series switches with dot1x/RADIUS?

Verification:
(Extreme 210) #show radius
 
Number of Configured Authentication Servers.... 1
Number of Configured Accounting Servers........ 0
Number of Named Authentication Server Groups... 1
Number of Named Accounting Server Groups....... 0
Number of Retransmits.......................... 4
Timeout Duration............................... 5
RADIUS Accounting Mode......................... Disable
RADIUS Attribute 4 Mode........................ Enable
RADIUS Attribute 4 Value....................... 10.58.1.220 -> Source interface
 
(Extreme 210) #show radius statistics 10.58.155.254
 
RADIUS Server Name............................. Default-RADIUS-Server
Server Host Address............................ 10.58.155.254
Round Trip Time................................ 0.14
Access Requests................................ 18
Access Retransmissions......................... 0
Access Accepts................................. 2
Access Rejects................................. 0
Access Challenges.............................. 16
Malformed Access Responses..................... 0
Bad Authenticators............................. 0
Pending Requests............................... 0
Timeouts....................................... 0
Unknown Types.................................. 0
Packets Dropped................................ 0

(Extreme 210) #show logging buffered
 
<189> Nov 25 11:19:24 DOT1X[dot1xTask]: dot1x_radius.c(976) 630241 %% Dot1x authenticated successfully
<189> Nov 25 11:19:23 TRAPMGR[trapTask]: traputil.c(721) 630229 %% Link Up: 0/1
<189> Nov 25 11:19:15 TRAPMGR[trapTask]: traputil.c(721) 630227 %% Link Down: 0/1

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255