https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388231#M88428 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Am I correct here?</P><P></P><P>You want (for example) RADIUS server at 10.1.1.1 to handle switch ports GigabitEthernet 1-24 and RADIUS server 10.2.2.2 handle GigabitEthernet 25-48.</P><P></P><P>If that's the case, then define multiple authentication methods, and assign those methods to each port as appropriate.</P><P></P><P>For example:</P><P></P><P>aaa group server radius RAD1</P><P> server 10.1.1.1</P><P>aaa group server radius RAD2</P><P> server 10.2.2.2</P><P>aaa authenticaiton dot1x RAD1 group RADSER1</P><P>aaa authentication dot1x RAD2 group RADSER2</P><P></P><P>Now assign RAD1 to interfaces GigE 1-24 and RAD2 to interfaces GigE 25-48</P><P></P><P>Javier Henderson</P><P>Cisco Systems</P></BODY></HTML> Wed, 29 Jan 2014 23:40:11 GMT Javier Henderson 2014-01-29T23:40:11Z https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388230#M88427 <P>Afternoon all,</P><P></P><P>I've been experimenting with dot1x on switchports, we have two seperate systems handling AAA at the moment and one of them is tied into the firewall/webfilter (school environment).</P><P></P><P>We would like to use the RADIUS server on that appliance to handle AAA for certain switchports in locations with personal devices attached, and then our internal Windows NPS to handle AAA for school devices in locations where personal devices will not be attached.</P><P></P><P>I found this thread: </P><P><A class="jive-link-external-small" href="https://community.cisco.com/thread/2080794" target="_blank">https://supportforums.cisco.com/thread/2080794</A><SPAN> from 2011 stating that it would not be possible (in the same kind of scenario) is this still the case in IOS 15? Can't find options to do it.</SPAN></P><P></P><P>Apologies if this is a stupid question.</P><P></P><P>Steve</P> Mon, 11 Mar 2019 04:20:03 GMT https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388230#M88427 shillier.tha 2019-03-11T04:20:03Z https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388231#M88428 <HTML><HEAD></HEAD><BODY><P>Steve,</P><P></P><P>Am I correct here?</P><P></P><P>You want (for example) RADIUS server at 10.1.1.1 to handle switch ports GigabitEthernet 1-24 and RADIUS server 10.2.2.2 handle GigabitEthernet 25-48.</P><P></P><P>If that's the case, then define multiple authentication methods, and assign those methods to each port as appropriate.</P><P></P><P>For example:</P><P></P><P>aaa group server radius RAD1</P><P> server 10.1.1.1</P><P>aaa group server radius RAD2</P><P> server 10.2.2.2</P><P>aaa authenticaiton dot1x RAD1 group RADSER1</P><P>aaa authentication dot1x RAD2 group RADSER2</P><P></P><P>Now assign RAD1 to interfaces GigE 1-24 and RAD2 to interfaces GigE 25-48</P><P></P><P>Javier Henderson</P><P>Cisco Systems</P></BODY></HTML> Wed, 29 Jan 2014 23:40:11 GMT https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388231#M88428 Javier Henderson 2014-01-29T23:40:11Z https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388232#M88429 <HTML><HEAD></HEAD><BODY><P>Hi Javier</P><P></P><P>That is exactly it, thank you! I have come co close - I have the groups, servers and aaa config ready but do not know how to assign RAD1 to <SPAN style="font-size: 10pt;">GigE 1-24 and RAD2 to interfaces GigE 25-48.</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">How do you achieve this?</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">Many thanks</SPAN></P><P><SPAN style="font-size: 10pt;">Steve</SPAN></P></BODY></HTML> Thu, 30 Jan 2014 06:28:02 GMT https://community.cisco.com/t5/network-access-control/define-radius-server-per-switchport/m-p/2388232#M88429 shillier.tha 2014-01-30T06:28:02Z