
Radius protocol and cloud AAA services


In Mist, for the EX you need to add a dot1x port to see the RADIUS config.
On Config template


At Switch Level
Config on the EX

Link


Radius and dot1x


EX Config
root@NP_ground_floor> show configuration groups | display set | match dot1x
set groups mist-script event-options policy log-on-system-events events dot1xd_auth_session_deleted
set groups mist-script event-options policy log-on-system-events events dot1xd_rcvd_eaplogof_athntictd
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_access_denied
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_authenticated
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_session_disconnected
set groups mist-dpc event-options policy dynamic-port-detect events dot1xd_usr_authenticated
set groups top access profile dot1x authentication-order radius
set groups top access profile dot1x radius authentication-server 192.168.0.21
set groups dot1x interfaces <*> unit 0 family ethernet-switching vlan members default


root@NP_ground_floor> show configuration groups | display set | match radius
set groups top access radius-server 192.168.0.21 port 1812
set groups top access radius-server 192.168.0.21 secret "$9$vnRWxdaZjqPQdb2aGUmPFn/90IEcyeM8RE"
set groups top access radius-server 192.168.0.21 timeout 5
set groups top access radius-server 192.168.0.21 retry 3
set groups top access profile dot1x authentication-order radius
set groups top access profile dot1x radius authentication-server 192.168.0.21
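A check that can be run over `display set` output like the above before it is shared, as an added example (not part of the original page or of Mist/Junos tooling): it cross-checks that every server referenced by an access profile has a `radius-server` definition with a shared secret, and masks the secret. Junos `$9$` strings are obfuscated rather than hashed, so they should be handled like the secret itself. The function names, addresses and secret in the sample are constructed placeholders.

```python
import re

# Constructed sample shaped like `show configuration groups | display set`.
# Addresses are documentation-range placeholders; the secret is not a real value.
SAMPLE = '''\
set groups top access radius-server 192.0.2.10 port 1812
set groups top access radius-server 192.0.2.10 secret "$9$EXAMPLEonlyNOTreal"
set groups top access radius-server 192.0.2.10 timeout 5
set groups top access radius-server 192.0.2.12 port 1812
set groups top access profile dot1x authentication-order radius
set groups top access profile dot1x radius authentication-server 192.0.2.10
set groups top access profile dot1x radius authentication-server 192.0.2.11
set groups top access profile dot1x radius authentication-server 192.0.2.12
'''

SERVER_RE = re.compile(r'^set groups \S+ access radius-server (\S+) (\S+)')
PROFILE_RE = re.compile(
    r'^set groups \S+ access profile (\S+) radius authentication-server (\S+)$')
SECRET_RE = re.compile(r'( secret )(".*?"|\S+)')


def audit(config_text):
    """Return findings for profile servers that are undefined or lack a secret."""
    defined, referenced = {}, []
    for line in map(str.strip, config_text.splitlines()):
        if m := SERVER_RE.match(line):
            # Record which options (port, secret, timeout, ...) each server has.
            defined.setdefault(m.group(1), set()).add(m.group(2))
        elif m := PROFILE_RE.match(line):
            referenced.append((m.group(1), m.group(2)))
    findings = []
    for profile, addr in referenced:
        if addr not in defined:
            findings.append(f"{profile}: {addr} has no radius-server definition")
        elif "secret" not in defined[addr]:
            findings.append(f"{profile}: {addr} has no shared secret")
    return findings


def redact(config_text):
    """Mask shared secrets so the output can be pasted into a wiki or ticket."""
    return SECRET_RE.sub(r'\1"<redacted>"', config_text)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
    print(redact(SAMPLE))
```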



Test on EX

test aaa authd-lite user testuser1 password password1 profile dot1x xauth

test aaa
{master:0}
root@NP_ground_floor> test aaa authd-lite user testuser1 password password1 profile dot1x xauth
    Authentication Grant
    ************User Attributes***********
         User Name -                              testuser1
         Framed IPv6 Prefix -                     <not set>
         Framed IPv6 Pool -                       <not set>
         NDRA IPv6 Prefix -                       <not set>
         Login IPv6 Host -                        <not set>
         Framed Interface Id -                    <not set>
         Delegated IPv6 Prefix -                  <not set>
         Delegated IPv6 Pool -                    <not set>
         NDRA IPv6 Pool -                         <not set>
         User Password -                          password1
         Nas Ip Address -                         <not set>
         NAS Port -                               0
         Service Type -                           0
         Framed IP Address -                      <not set>
         Framed IP Netmask -                      <not set>
         Filter Id -                              <not set>
         Framed MTU -                             <not set>
         Reply Message -                          <not set>
         Framed Route -                           <not set>
         Class -                                  <not set>
         Virtual Router Name -                    <not set>
         Primary DNS IP Address -                 <not set>
         Secondary DNS IP Address -               <not set>
         Primary WINS IP Address -                <not set>
         Secondary WINS IP Address -              <not set>
         Ingress Policy Name -                    <not set>
         Egress Policy Name -                     <not set>
         IGMP Enable -                            <not set>
         PIM -                                    <not set>
         Redirect VR Name -                       <not set>
         Service Bundle -                         <not set>
         Framed Ip Route Tag -                    <not set>
         Activate Service -                       <not set>
         Deactivate Service -                     <not set>
         Service Statistics -                     0
         IGMP Access Group Name -                 <not set>
         IGMP Access Source Group_Name -          <not set>
         MLD Access Group Name -                  <not set>
         MLD Access Source Group Name -           <not set>
         MLD Version -                            <not set>
         IGMP Version                             <not set>
         IGMP Immediate Leave -                   <not set>
         MLD Immediate Leave -                    <not set>
         IPv6 Ingress Policy Name -               <not set>
         IPv6 Egress Policy Name -                <not set>
         Service Interim Acct Interval -          0
         Max Clients Per Interface -              <not set>
         Session Timeout -                        599999940
         Idle Timeout -                           <not set>
         NAS Port Type -                          0
         Framed Pool -                            <not set>
         Agent Remote Id -                        <not set>
    Logging out subscriber
         Terminate Id -                           <not set>
    Test complete. Exiting
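
The test output above echoes the password and lists dozens of unset attributes. As an added example (not part of the original page), this parser reduces such output to the verdict and the attributes the server actually returned, leaving the password out. The function name and the sample values are constructed; only the `Authentication Grant` line format is taken from the output above, and anything else is treated as not granted.

```python
import re

# Constructed sample shaped like the `test aaa authd-lite ... xauth` output;
# the user name and password are placeholders.
SAMPLE = """\
    Authentication Grant
    ************User Attributes***********
         User Name -                              labuser
         User Password -                          example-password
         Filter Id -                              <not set>
         Session Timeout -                        3600
         IGMP Version                             <not set>
    Logging out subscriber
         Terminate Id -                           <not set>
    Test complete. Exiting
"""

# "<name> -   <value>"; the dash is optional because one attribute line in the
# device output is printed without it.
ATTR_RE = re.compile(r'^\s*(\S.*?)(?: -)?\s{2,}(\S.*)$')
GRANT_RE = re.compile(r'^\s*Authentication Grant\s*$', re.MULTILINE)
SENSITIVE = {"User Password"}


def parse_test_aaa(output):
    """Return the verdict and only the attributes that carry a value."""
    attributes = {}
    for line in output.splitlines():
        m = ATTR_RE.match(line)
        if not m:
            continue  # banner, verdict and status lines
        name, value = m.group(1), m.group(2).strip()
        if value == "<not set>" or name in SENSITIVE:
            continue  # drop unset attributes and never keep the password
        attributes[name] = value
    return {"granted": bool(GRANT_RE.search(output)), "attributes": attributes}


if __name__ == "__main__":
    print(parse_test_aaa(SAMPLE))
```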







...