Radius protocol and cloud AAA services
On Mist for the EX: you need to add a dot1x port to see the RADIUS config.

On Config template

At Switch Level

Config on the EX

Radius and dot1x

root@NP_ground_floor> show configuration groups | display set | match dot1x
set groups mist-script event-options policy log-on-system-events events dot1xd_auth_session_deleted
set groups mist-script event-options policy log-on-system-events events dot1xd_rcvd_eaplogof_athntictd
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_access_denied
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_authenticated
set groups mist-script event-options policy log-on-system-events events dot1xd_usr_session_disconnected
set groups mist-dpc event-options policy dynamic-port-detect events dot1xd_usr_authenticated
set groups top access profile dot1x authentication-order radius
set groups top access profile dot1x radius authentication-server 192.168.0.21
set groups dot1x interfaces <*> unit 0 family ethernet-switching vlan members default
root@NP_ground_floor> show configuration groups | display set | match radius
set groups top access radius-server 192.168.0.21 port 1812
set groups top access radius-server 192.168.0.21 secret "$9$vnRWxdaZjqPQdb2aGUmPFn/90IEcyeM8RE"
set groups top access radius-server 192.168.0.21 timeout 5
set groups top access radius-server 192.168.0.21 retry 3
set groups top access profile dot1x authentication-order radius
set groups top access profile dot1x radius authentication-server 192.168.0.21

Test on EX

test aaa authd-lite user testuser1 password password1 profile dot1x xauth

{master:0}
root@NP_ground_floor> test aaa authd-lite user testuser1 password password1 profile dot1x xauth
Authentication Grant
************User Attributes***********
User Name - testuser1
Framed IPv6 Prefix - <not set>
Framed IPv6 Pool - <not set>
NDRA IPv6 Prefix - <not set>
Login IPv6 Host - <not set>
Framed Interface Id - <not set>
Delegated IPv6 Prefix - <not set>
Delegated IPv6 Pool - <not set>
NDRA IPv6 Pool - <not set>
User Password - password1
Nas Ip Address - <not set>
NAS Port - 0
Service Type - 0
Framed IP Address - <not set>
Framed IP Netmask - <not set>
Filter Id - <not set>
Framed MTU - <not set>
Reply Message - <not set>
Framed Route - <not set>
Class - <not set>
Virtual Router Name - <not set>
Primary DNS IP Address - <not set>
Secondary DNS IP Address - <not set>
Primary WINS IP Address - <not set>
Secondary WINS IP Address - <not set>
Ingress Policy Name - <not set>
Egress Policy Name - <not set>
IGMP Enable - <not set>
PIM - <not set>
Redirect VR Name - <not set>
Service Bundle - <not set>
Framed Ip Route Tag - <not set>
Activate Service - <not set>
Deactivate Service - <not set>
Service Statistics - 0
IGMP Access Group Name - <not set>
IGMP Access Source Group_Name - <not set>
MLD Access Group Name - <not set>
MLD Access Source Group Name - <not set>
MLD Version - <not set>
IGMP Version <not set>
IGMP Immediate Leave - <not set>
MLD Immediate Leave - <not set>
IPv6 Ingress Policy Name - <not set>
IPv6 Egress Policy Name - <not set>
Service Interim Acct Interval - 0
Max Clients Per Interface - <not set>
Session Timeout - 599999940
Idle Timeout - <not set>
NAS Port Type - 0
Framed Pool - <not set>
Agent Remote Id - <not set>
Logging out subscriber
Terminate Id - <not set>
Test complete. Exiting
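
Output like the above carries the RADIUS shared secret (a Junos `$9$` string is reversible obfuscation, not a hash) and the test password, both on the command line and echoed back under User Attributes. The following is an added example, not part of the original notes: it masks those values before the output is pasted into a ticket or wiki, then extracts the result and the attributes that were actually set. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, shaped like the `display set` and `test aaa` output above.
# The address, secret string and credentials are placeholders.
SAMPLE = '''\
set groups top access radius-server 192.0.2.10 port 1812
set groups top access radius-server 192.0.2.10 secret "$9$EXAMPLEnotARealSecret"
root@switch> test aaa authd-lite user testuser1 password password1 profile dot1x xauth
Authentication Grant
************User Attributes***********
User Name - testuser1
User Password - password1
Framed MTU - <not set>
IGMP Version <not set>
Session Timeout - 599999940
Test complete. Exiting
'''

SECRET_RE = re.compile(r'^(set .* secret )"[^"]*"', re.M)
CLI_PW_RE = re.compile(r'(test aaa \S+ user \S+ password )\S+')
ECHO_PW_RE = re.compile(r'^(User Password\s+-\s+).*$', re.M)
ATTR_RE = re.compile(r'^([A-Za-z0-9_ ]+?)\s+-\s+(.*)$')

def redact(text):
    """Mask the RADIUS shared secret and both copies of the test password."""
    text = SECRET_RE.sub(r'\1"<redacted>"', text)
    text = CLI_PW_RE.sub(r'\1<redacted>', text)
    return ECHO_PW_RE.sub(r'\1<redacted>', text)

def parse_test_aaa(text):
    """Return (granted, attrs); attrs keeps only attributes that were set."""
    granted, attrs = False, {}
    for line in text.splitlines():
        line = line.strip()
        if line == "Authentication Grant":
            granted = True
            continue
        m = ATTR_RE.match(line)
        if m and m.group(2) != "<not set>":
            attrs[m.group(1)] = m.group(2)
    return granted, attrs

if __name__ == "__main__":
    clean = redact(SAMPLE)
    print(clean)
    print(parse_test_aaa(clean))
```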