Using the CLI to configure 802.1X Port-Based Access Control

  1. Configure the RADIUS (Remote Authentication Dial In User Service) authentication server IP address.
    (Extreme 220) (Config)#radius server host auth 10.10.10.10
  2. Configure the RADIUS authentication server secret key.
    (Extreme 220) (Config)#radius server key auth 10.10.10.10

    You are prompted, and then re-prompted, to enter the secret key.

  3. Configure the RADIUS accounting server IP address.
    (Extreme 220) (Config)#radius server host acct 10.10.10.10
  4. Configure the RADIUS accounting server secret key.
    (Extreme 220) (Config)#radius server key acct 10.10.10.10

    You are prompted, and then re-prompted, to enter the secret key.

  5. Enable RADIUS accounting mode.
    (Extreme 220) (Config)#radius accounting mode
  6. Set IEEE 802.1X to use RADIUS as the AAA method.
    (Extreme 220) (Config)#aaa authentication dot1x default radius
  7. Enable 802.1X authentication on the switch.
    (Extreme 220) (Config)#dot1x system-auth-control
  8. Set the 802.1X mode for port 1/0/1 to Force Authorized.
    (Extreme 220) (Config)#interface 1/0/1
    (Extreme 220) (Interface 1/0/1)#dot1x port-control force-authorized
    (Extreme 220) (Interface 1/0/1)#exit