01-02-2015 02:10 AM - edited 03-12-2019 05:45 PM
We are configuring 802.1x for wired client. ISE is our AAA server. While configuring, i came across 3 different command sets
1) radius-server host <primary aaa server> auth-port 1812 acct-port 1813
radius-server host <secondary aaa server> auth-port 1812 acct-port 1813
radius server key <shared_key>
2) aaa group server radius < RADIUS group name>
server <Primary Radius Server IP> auth-port 1812 acct-port 1813
server <Secondary Radius Server IP> auth-port 1812 acct-port 1813
3) aaa server radius dynamic-author
client <Primary Server> server-key <radius_key>
client <Secondary Server> server-key <radius_key>
Now, we already created aaa server group in step 2.
what is the significance of step 3. if i don't add client under dynamic-author, what effect it will have on overall configuration. Will CoA affect in posture due to this
Thanks,
Aditya
Solved! Go to Solution.
01-02-2015 11:34 AM
Hello Aditya-
The commands in step #3 configure the NAD (In your case the switch) to accept CoA (Change of Authorization) which is used for 802.1x based network authentications. If you are only interested in configuring the switch for device administration then you don't need those commands, however, if you are planning on deploying 802.1x then you do need them. For more info check out this link:
Thank you for rating helpful posts!
01-02-2015 11:34 AM
Hello Aditya-
The commands in step #3 configure the NAD (In your case the switch) to accept CoA (Change of Authorization) which is used for 802.1x based network authentications. If you are only interested in configuring the switch for device administration then you don't need those commands, however, if you are planning on deploying 802.1x then you do need them. For more info check out this link:
Thank you for rating helpful posts!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: