08-12-2019 01:10 PM - edited 08-12-2019 01:13 PM
Hi,
I do not want to use the authentication list named "default" for 802.1x authentication. I want to use my own custom list.
For example, for SSH login I use:
aaa new-model
radius server nps01
 address ipv4 172.16.245.11 auth-port 1812 acct-port 1813
 key test123
aaa group server radius nps-servers
 server name nps01
aaa authentication login my-ssh-login group nps-servers local
aaa authorization exec my-ssh-autho group nps-servers local
line vty 0 4
 authorization exec my-ssh-autho
 login authentication my-ssh-login
 transport input ssh
But for 802.1x I must write:
aaa authentication dot1x default group nps-servers
aaa authorization network default group nps-servers
But I do not want to use this default list, I want to use my own custom named list like SSH, for example -
aaa authentication dot1x auth-dot1x group nps-servers
aaa authorization network autho-dot1x group nps-servers
But it does not work, as expected. I need to bind these lists to the 802.1x process, and I do not know if it is possible or what the commands are. For SSH access, I have bound them under the vty lines.
All of Cisco's documentation refers to this default list. For 802.1x, is it possible to use a custom list?
Regards,
08-13-2019 03:05 PM
This is only possible when using IBNS 2.0. Here is a snippet, but I suggest going through the wired guide.
policy-map type control subscriber PORT-AUTH-POLICY-I
 event session-started match-all
  10 class always do-all
   10 authenticate using dot1x aaa authc-list auth-dot1x authz-list autho-dot1x priority 10
   20 authenticate using mab aaa authc-list auth-dot1x authz-list autho-dot1x priority 20
Accounting still needs to use 'default' even with IBNS 2.0.
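The pieces from the question and the answer put together, with the step that binds the control policy to a switch port, as an added example that is not from either poster or from Cisco's guide. The interface name and VLAN are constructed, and the port-level commands assume an IOS/IOS-XE release running IBNS 2.0 (new-style) configuration.

```cisco
! RADIUS server and group, as in the question
aaa new-model
radius server nps01
 address ipv4 172.16.245.11 auth-port 1812 acct-port 1813
 key test123
aaa group server radius nps-servers
 server name nps01
!
! Custom named method lists for 802.1x instead of "default"
aaa authentication dot1x auth-dot1x group nps-servers
aaa authorization network autho-dot1x group nps-servers
! Per the answer, accounting still has to use the default list
aaa accounting dot1x default start-stop group nps-servers
!
! Enable 802.1x globally
dot1x system-auth-control
!
! Control policy from the answer: this is where the custom lists are referenced
policy-map type control subscriber PORT-AUTH-POLICY-I
 event session-started match-all
  10 class always do-all
   10 authenticate using dot1x aaa authc-list auth-dot1x authz-list autho-dot1x priority 10
   20 authenticate using mab aaa authc-list auth-dot1x authz-list autho-dot1x priority 20
!
! Bind the policy to an access port (constructed interface and VLAN).
! This plays the role that "login authentication" plays under "line vty".
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 access-session port-control auto
 dot1x pae authenticator
 mab
 service-policy type control subscriber PORT-AUTH-POLICY-I
```

A list name in `authc-list` or `authz-list` that has no matching `aaa authentication dot1x` or `aaa authorization network` line is worth checking for after any rename, since the policy would then point at a method list that does not exist.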