DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-10
You cannot enable 1X authentication for Aggregate Port.
If the 1x function is enabled on only one port of a switch, all the port will send the 1x
protocol packets to the CPU.
4.2.3 Configuring the
communication between
the device and Radius
server
The Radius Server maintains the information of all users: user name, password, authorization
information and accounting information. All users are managed on the Radius Server in a
centralized manner, without being distributed over various switches, making easier
management for the administrator.
In order for the switch to normally communicate with the RADIUS SERVER, you must set the
following parameters:
Radius Server end: You must register a Radius Client. At registration, you must supply the
Radius Server switch’s IP address, authentication UDP port (add the accounting UDP port, if
needed), and the agreed key for communication between the switch and Radius Server, and
select EAP support for the Client. The procedure for registering one Radius Client on the
Radius Server varies with different software settings. Please refer to the appropriate
document.
Device end: The following settings are necessary at the device end to ensure the
communication between the device and the server: Configure the IP address of the Radius
Server, authentication (accounting) UDP port and the agreed password for the communication
with the server.
In the privileged mode, you can set the communication between the switch and the Radius
Server via the following steps:
Command Function
configure terminal
Enter the global configuration mode.
aaa new-model
Turn on the AAA switch.
radius-server host ip-address [auth-port
port] [acct-port port]
Configure the RADIUS server
Radius-server key string
Configure RADIUS Key.
End
Return to the privileged mode.
Write
Save the configuration.
Show radius server
Show the RADIUS server.
You can use the no radius-server host ip-address auth-port command to restore the
authentication UDP port of the Radius Server to its default. You can use the no radius-server
key command to delete the authentication key of the Radius Server. The following example