AAA authentication on switch

adityaM1234
Level 1

We are configuring 802.1x for wired clients. ISE is our AAA server. While configuring, I came across 3 different command sets:

1) radius-server host <primary aaa server> auth-port 1812 acct-port 1813
    radius-server host <secondary aaa server> auth-port 1812 acct-port 1813
    radius-server key <shared_key>

2) aaa group server radius <RADIUS group name>
    server <Primary Radius Server IP> auth-port 1812 acct-port 1813
    server <Secondary Radius Server IP> auth-port 1812 acct-port 1813

3) aaa server radius dynamic-author
    client <Primary Server> server-key <radius_key>
    client <Secondary Server> server-key <radius_key>

Now, we already created the AAA server group in step 2.

What is the significance of step 3? If I don't add a client under dynamic-author, what effect will it have on the overall configuration? Will CoA in posture be affected due to this?

 

Thanks,

Aditya

 

Accepted Solutions

nspasov
Cisco Employee

Hello Aditya-

The commands in step #3 configure the NAD (in your case, the switch) to accept CoA (Change of Authorization), which is used for 802.1x-based network authentications. If you are only interested in configuring the switch for device administration, then you don't need those commands; however, if you are planning on deploying 802.1x, then you do need them. For more info, check out this link:

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/whitepaper_C11-731907.html

 

Thank you for rating helpful posts!
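
An added example, not part of the original thread and not Cisco tooling: a small Python check that compares the servers in the `aaa group server radius` block (step 2) with the `client` entries under `aaa server radius dynamic-author` (step 3) and reports any group server the switch is not configured to accept CoA from. It assumes the CoA senders are the same hosts as the RADIUS servers and that servers are listed by IP address as in the question; the addresses, group name and key in the sample are constructed.

```python
import re

# Constructed sample config (documentation addresses, placeholder key); the
# secondary server is deliberately missing from the dynamic-author block.
SAMPLE_CONFIG = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813
radius-server host 192.0.2.11 auth-port 1812 acct-port 1813
radius-server key EXAMPLE_KEY
!
aaa group server radius ISE-GROUP
 server 192.0.2.10 auth-port 1812 acct-port 1813
 server 192.0.2.11 auth-port 1812 acct-port 1813
!
aaa server radius dynamic-author
 client 192.0.2.10 server-key EXAMPLE_KEY
!
"""

def parse_blocks(config):
    """Return (group_servers, coa_clients) as sets of addresses."""
    group_servers, coa_clients = set(), set()
    section = None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            section = None
            continue
        if not line.startswith(" "):  # a top-level command opens a new section
            if re.match(r"aaa group server radius \S+", line):
                section = "group"
            elif line.strip() == "aaa server radius dynamic-author":
                section = "coa"
            else:
                section = None
            continue
        words = line.split()
        if section == "group" and words[0] == "server" and len(words) > 1:
            group_servers.add(words[1])
        elif section == "coa" and words[0] == "client" and len(words) > 1:
            coa_clients.add(words[1])
    return group_servers, coa_clients

def audit_coa(config):
    """List RADIUS group servers that are not dynamic-author clients."""
    group_servers, coa_clients = parse_blocks(config)
    return sorted(group_servers - coa_clients)

if __name__ == "__main__":
    for ip in audit_coa(SAMPLE_CONFIG):
        print(f"{ip}: in RADIUS group but not a dynamic-author client")
```

Run against a saved copy of the running configuration, an empty result means every server in the RADIUS group is also listed as a CoA client.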

