Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG, Chapter 44: Configuring 802.1X Port-Based Authentication (OL-25340-01)

Controlling Switch Access with RADIUS

Configuring CoA on the Switch

To configure CoA on a switch, perform these steps. This procedure is required. The client list and shared key configured in Steps 4 and 5 are what authenticate an incoming CoA or Disconnect request: only a listed client that presents the correct key can change or terminate a session on the switch, so keep the list limited to the policy servers that actually send such requests.

Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# aaa new-model
Purpose: Enables AAA.

Step 3
Command: Switch(config)# aaa server radius dynamic-author
Purpose: Configures the switch as an authentication, authorization, and accounting (AAA) server to facilitate interaction with an external policy server, and enters dynamic authorization local server configuration mode.

Step 4
Command: Switch(config-locsvr-da-radius)# client {ip-address | name} [vrf vrfname] [server-key string]
Purpose: Specifies a RADIUS client from which the device will accept CoA and disconnect requests. The optional server-key sets a key for this client only.

Step 5
Command: Switch(config-locsvr-da-radius)# server-key [0 | 7] string
Purpose: Configures the RADIUS key to be shared between the device and RADIUS clients. 0 indicates the key is entered in clear text; 7 indicates it is entered in Cisco type 7 encoded form.

Step 6
Command: Switch(config-locsvr-da-radius)# port port-number
Purpose: Specifies the port on which the device listens for RADIUS requests from configured RADIUS clients.

Step 7
Command: Switch(config-locsvr-da-radius)# auth-type {any | all | session-key}
Purpose: Specifies the type of authorization the switch uses for RADIUS clients. With all, the client must match all the configured attributes for authorization.

Step 8
Command: Switch(config-locsvr-da-radius)# ignore session-key
Purpose: (Optional) Configures the switch to ignore the session-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 9
Command: Switch(config-locsvr-da-radius)# ignore server-key
Purpose: (Optional) Configures the switch to ignore the server-key. For more information about the ignore command, see the Cisco IOS Intelligent Services Gateway Command Reference on Cisco.com.

Step 10
Command: Switch(config-locsvr-da-radius)# exit
Purpose: Returns to global configuration mode.

Step 11
Command: Switch(config)# authentication command bounce-port ignore
Purpose: (Optional) Configures the switch to ignore a CoA request to temporarily disable the port hosting a session. The purpose of temporarily disabling the port is to trigger a DHCP renegotiation from the host when a VLAN change occurs and there is no supplicant on the endpoint to detect the change.

Step 12
Command: Switch(config)# authentication command disable-port ignore
Purpose: (Optional) Configures the switch to ignore a nonstandard command requesting that the port hosting a session be administratively shut down. Shutting down the port results in termination of the session. Use standard CLI or SNMP commands to re-enable the port.

Step 13
Command: Switch(config)# end
Purpose: Returns to privileged EXEC mode.

Step 14
Command: Switch# show running-config
Purpose: Verifies your entries.

Step 15
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
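The steps above assembled into one complete session, as an added example that is not part of the original guide. The addresses 10.10.1.5 and 10.10.1.6, the VRF name MGMT, the key value and the port number are assumed values chosen for illustration; substitute those of your own policy servers.

```cisco
! Added example (not from the guide): accept CoA/Disconnect requests from two
! policy servers reachable through VRF MGMT, authenticated by one shared key.
Switch# configure terminal
Switch(config)# aaa new-model
Switch(config)# aaa server radius dynamic-author
! Only these two clients may send CoA or Disconnect; requests from any other
! source, or with a wrong key, are rejected.
Switch(config-locsvr-da-radius)# client 10.10.1.5 vrf MGMT
Switch(config-locsvr-da-radius)# client 10.10.1.6 vrf MGMT
! 0 = clear-text entry. Type 7 (the "7" form) is a reversible encoding, not
! encryption, so protect the configuration file rather than relying on it.
Switch(config-locsvr-da-radius)# server-key 0 C0A-Sh4red-K3y-Example
! Cisco IOS listens on UDP 1700 by default; RFC 5176 uses 3799. Set the port
! explicitly so it matches what the policy server is configured to send to.
Switch(config-locsvr-da-radius)# port 1700
! Require the client to match all configured attributes.
Switch(config-locsvr-da-radius)# auth-type all
! "ignore session-key" and "ignore server-key" are deliberately left
! unconfigured so every request is still checked against the shared key.
Switch(config-locsvr-da-radius)# exit
! Endpoints here run an 802.1X supplicant that notices VLAN changes itself,
! so the port-bounce CoA command is not needed and is ignored.
Switch(config)# authentication command bounce-port ignore
Switch(config)# end
! Verify: the section filter shows just the dynamic-author block.
Switch# show running-config | section dynamic-author
Switch# copy running-config startup-config
```

After saving, send a test CoA from one of the listed servers and watch `debug radius` on the switch; a request from an unlisted address or with a mismatched key is dropped rather than acknowledged, which is the behaviour the client list and server-key are there to enforce.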