Configure the Switch for EAP and RADIUS
Perform the following procedure to configure the switch for EAP and RADIUS.
About this task
You must configure the switch, through which user-based-policy (UBP) users connect to communicate with the RADIUS server to exchange EAP authentication information, as well as user role information. You must specify the IP address of the RADIUS server, as well as the shared secret (a password that authenticates the device with the RADIUS server as an EAP access point). You must enable EAP globally on each device, and you must configure EAP authentication on each device port, through which EAP/UBP users connect.
For more information about EPM and UBP, see the user documentation for your Enterprise Policy Manager (EPM) application.
Procedure
Example
Switch:1>enable
Switch:1#configure terminal
Create a RADIUS server that is used by EAP:
Switch:1(config)#radius server host fe90:0:0:0:21b:4eee:fe5e:75fd key radiustest used-by eapol enable
Switch:1(config)#interface vlan 2
Enable the device to communicate through EAP:
Switch:1(config-if)#eapol enable
Variable Definitions
The following table defines parameters for the radius server host WORD<0–113> usedby eapol command.
Variable |
Value |
---|---|
host WORD<0–113> |
Configures a host server. WORD<0–113> specifies the IPv4 address, IPv6 address, or fully qualified domain name (FQDN). If you use an FQDN, you must also configure the switch to use DNS. This address tells the device where to find the RADIUS server, from which it obtains EAP authentication and user role information. |
key WORD<0-20> |
Specifies the shared secret key that you use for RADIUS authentication. The shared secret is held in common by the RADIUS server and all EAP-enabled devices in your network. It authenticates each device with the RADIUS server as an EAP access point. When you configure your RADIUS server, you must configure the same shared secret value as you specify here. |