01-02-2015 02:10 AM - edited 03-12-2019 05:45 PM
We are configuring 802.1x for wired client. ISE is our AAA server. While configuring, i came across 3 different command sets
1) radius-server host <primary aaa server> auth-port 1812 acct-port 1813
radius-server host <secondary aaa server> auth-port 1812 acct-port 1813
radius server key <shared_key>
2) aaa group server radius < RADIUS group name>
server <Primary Radius Server IP> auth-port 1812 acct-port 1813
server <Secondary Radius Server IP> auth-port 1812 acct-port 1813
3) aaa server radius dynamic-author
client <Primary Server> server-key <radius_key>
client <Secondary Server> server-key <radius_key>
Now, we already created aaa server group in step 2.
what is the significance of step 3. if i don't add client under dynamic-author, what effect it will have on overall configuration. Will CoA affect in posture due to this
Thanks,
Aditya
Solved! Go to Solution.
01-02-2015 11:34 AM
Hello Aditya-
The commands in step #3 configure the NAD (In your case the switch) to accept CoA (Change of Authorization) which is used for 802.1x based network authentications. If you are only interested in configuring the switch for device administration then you don't need those commands, however, if you are planning on deploying 802.1x then you do need them. For more info check out this link:
Thank you for rating helpful posts!
01-02-2015 11:34 AM
Hello Aditya-
The commands in step #3 configure the NAD (In your case the switch) to accept CoA (Change of Authorization) which is used for 802.1x based network authentications. If you are only interested in configuring the switch for device administration then you don't need those commands, however, if you are planning on deploying 802.1x then you do need them. For more info check out this link:
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide