Configuring ieee 802.1x accounting – Dell POWEREDGE M1000E User Manual

Page 309

Advertising
background image

10-47

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

Beginning in privileged EXEC mode, follow these steps to set the re-authentication number. This
procedure is optional.

To return to the default re-authentication number, use the no dot1x max-reauth-req interface
configuration command.

This example shows how to set 4 as the number of times that the switch restarts the authentication
process before the port changes to the unauthorized state:

Switch(config-if)# dot1x max-reauth-req 4

Configuring IEEE 802.1x Accounting

Enabling AAA system accounting with IEEE 802.1x accounting allows system reload events to be sent
to the accounting RADIUS server for logging. The server can then infer that all active IEEE 802.1x
sessions are closed.

Because RADIUS uses the unreliable UDP transport protocol, accounting messages might be lost due to
poor network conditions. If the switch does not receive the accounting response message from the
RADIUS server after a configurable number of retransmissions of an accounting request, this system
message appears:

Accounting message %s for session %s failed to receive Accounting Response.

When the stop message is not sent successfully, this message appears:

00:09:55: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.201:1645,1646 is not responding.

Note

You must configure the RADIUS server to perform accounting tasks, such as logging start, stop, and
interim-update messages and time stamps. To turn on these functions, enable logging of
“Update/Watchdog packets from this AAA client” in your RADIUS server Network Configuration tab.
Next, enable “CVS RADIUS Accounting” in your RADIUS server System Configuration tab.

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

interface interface-id

Specify the port to be configured, and enter interface configuration mode.

Step 3

dot1x max-reauth-req count

Set the number of times that the switch restarts the authentication process
before the port changes to the unauthorized state. The range is 0 to 10; the
default is 2.

Step 4

end

Return to privileged EXEC mode.

Step 5

show authentication interface-id

or

show dot1x interface interface-id

Verify your entries.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Advertising
Popular Brands
Popular manuals