CANOGA PERKINS CanogaOS Configuration Guide User Manual

CanogaOS Configuration Guide

Proprietary & Confidential Canoga Perkins Metro Ethernet Switches

Page 315 of 350

Enabling IEEE 802.1x authentication

In this example, the Radius Server keeps the Client information, validating the identity of the
Client and updating the switch about the authentication status of the client. The Switch is the
physical access between the two Clients and the Server. It requests information from the client,
relays information to the Server and then back to the Client.
To configure 802.1x authentication, first enable authentication on ports eth-0-1 and then specify
the Radius Server IP address and port.

DUT# configure terminal

Enter the Configure mode.

DUT(config)# dot1x system-auth-ctrl

Enable IEEE 802.1x authentication globally on the switch.

DUT(config)#radius-server host
202.38.100.7 key test

Specify the radius server and the shared key

DUT(config)#interface eth-0-1

Enter the interface mode

DUT(config-if)#swichport mode access Set the port to access mode

DUT(config-if)# dot1x port-control auto Enable IEEE 802.1x authentication on the interface

DUT(config-if)# dot1x port-control dir
both

Set the control direction as both

DUT(config-if)# dot1x reauthentication

Enable reauthentication

DUT(config-if)# dot1x timeout
re-authperiod 7200

Set the timer: re-auth period to 2 hours(7200)

DUT(config)# exit

Exit interface mode and enter the Configure mode.

DUT(config)#interface eth-0-3

Enter the interface mode