Configuring the switch for EAP and RADIUS
Perform the following procedure to configure the switch for EAP and RADIUS.
About this task
You must configure the switch, through which user-based-policy (UBP) users connect to communicate with the RADIUS server to exchange EAP authentication information, as well as user role information. You must specify the IP address of the RADIUS server, as well as the shared secret (a password that authenticates the device with the RADIUS server as an EAP access point). You must enable EAP globally on each device, and you must configure EAP authentication on each device port, through which EAP/UBP users connect.
RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration.
For more information about EPM and UBP, see the user documentation for your Enterprise Policy Manager (EPM) application.
Procedure
Example
Switch:1> enable
Switch:1# configure terminal
Create a RADIUS server that is used by EAP:
Switch:1(config)# radius server host fe90:0:0:0:21b:4eee:fe5e:75fd key radiustest used-by eapol
Switch:1(config)# interface vlan 2
Enable the device to communicate through EAP:
Switch:1(config-if)# eapol enable
Save your changes:
Switch:1(config-if)# save config
Variable Definitions
The following table defines parameters for the radius server host WORD<0–46> usedby eapol command.
Variable |
Value |
---|---|
host WORD<0–46> |
Specifies the IP address of the selected server. This address tells the device where to find the RADIUS server, from which it obtains EAP authentication and user role information. RADIUS supports IPv4 and IPv6 addresses, with no difference in functionality or configuration. |
key WORD<0-20> |
Specifies the shared secret key that you use for RADIUS authentication. The shared secret is held in common by the RADIUS server and all EAP-enabled devices in your network. It authenticates each device with the RADIUS server as an EAP access point. When you configure your RADIUS server, you must configure the same shared secret value as you specify here. |