![]() Port-security port-mode userlogin-secure-or-mac-ext ![]() Undo mac-authentication offline-detect enable Mac-authentication re-authenticate server-unreachable keep-online Secondary accounting 192.168.0.2 key simple *****Īuthentication lan-access radius-scheme MyRadiusServerĪuthorization lan-access radius-scheme MyRadiusServerĪdded 2 entries interface range GigabitEthernet1/0/1 to GigabitEthernet1/0/48ĭot1x re-authenticate server-unreachable keep-online Secondary authentication 192.168.0.2 key simple ***** Primary authentication 192.168.0.1 key simple ***** Here are the global parameters with explanations inline: dot1x authentication-method eap Users who cant authenticate, will be forced to VLAN 999 (quarantine VLAN with no gateway). The best way is to use interface-range command to be safe at your configuration. You have global configuration parameters and parameters for each interface. Now let’s go to the switch configuration. The second network policy is for the mac-based authentication:Ĭomware switches are sending MAC-Auth-requests via PAP (maybe you know how to change it to CHAP):įor now we have built up our authentication server. The final dot1x configuration in the NPS: The next step is for our dynamic VLAN assignment. Choose PEAP only as the authentication method: The clients will use their computer certificate so you will need a running internal certification authority. I also configured a NAS Identifier so no other device can use the radius server. So we will now configure two network policies for our network access control:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |