08-12-2019 01:10 PM - edited 08-12-2019 01:13 PM
Hi,
I do not want to use the authentication list named "default" for 802.1x authentication. I want to use my own custom list.
For example for ssh login I use -
aaa new-model
radius server nps01
 address ipv4 172.16.245.11 auth-port 1812 acct-port 1813
 key test123
aaa group server radius nps-servers
 server name nps01
aaa authentication login my-ssh-login group nps-servers local
aaa authorization exec my-ssh-autho group nps-servers local
line vty 0 4
 authorization exec my-ssh-autho
 login authentication my-ssh-login
 transport input ssh
But for 802.1x -
I must write
aaa authentication dot1x default group nps-servers
aaa authorization network default group nps-servers
But I do not want to use this default list, I want to use my own custom named list like SSH, for example -
aaa authentication dot1x auth-dot1x group nps-servers
aaa authorization network autho-dot1x group nps-servers
But it does not work, as expected. I need to bind these lists to the 802.1x process, and I do not know if it is possible or what the commands are. As for SSH access, I have bound them under the vty lines.
All of Cisco's documentation refers to this default list. For 802.1x, is it possible to use a custom list?
Regards,
08-13-2019 03:05 PM
This is only possible when using IBNS 2.0. Here is a snippet, but I suggest going through the wired guide.
policy-map type control subscriber PORT-AUTH-POLICY-I
 event session-started match-all
  10 class always do-all
   10 authenticate using dot1x aaa authc-list auth-dot1x authz-list autho-dot1x priority 10
   20 authenticate using mab aaa authc-list auth-dot1x authz-list autho-dot1x priority 20
Accounting still needs to use 'default' even with IBNS 2.0.
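A small audit for the binding discussed above, added here as an example and not taken from the original posts or from Cisco's documentation: it checks that every method list name referenced under the vty lines or in the control policy's authc-list/authz-list is defined by an aaa command. It goes beyond the dot1x case to cover the SSH lists from the question. The mapping of authc-list to dot1x lists and authz-list to network lists is an assumption taken from how the thread pairs them, and SAMPLE_CONFIG is constructed from the thread's commands.

```python
import re

# Constructed sample: the commands quoted in this thread, merged into one config.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius nps-servers
 server name nps01
aaa authentication login my-ssh-login group nps-servers local
aaa authorization exec my-ssh-autho group nps-servers local
aaa authentication dot1x auth-dot1x group nps-servers
aaa authorization network autho-dot1x group nps-servers
policy-map type control subscriber PORT-AUTH-POLICY-I
 event session-started match-all
  10 class always do-all
   10 authenticate using dot1x aaa authc-list auth-dot1x authz-list autho-dot1x priority 10
   20 authenticate using mab aaa authc-list auth-dot1x authz-list autho-dot1x priority 20
line vty 0 4
 authorization exec my-ssh-autho
 login authentication my-ssh-login
"""

# Definition form: "aaa authentication|authorization <service> <list-name> <methods...>"
DEFINE = re.compile(r"^aaa (authentication|authorization) (\S+) (\S+) ")

# Where a list name is referenced -> the (kind, service) it must be defined under.
# Assumption: authc-list resolves against "dot1x" lists and authz-list against
# "network" lists, matching the definitions the question pairs them with.
REFS = [
    (re.compile(r"\bauthc-list (\S+)"), ("authentication", "dot1x")),
    (re.compile(r"\bauthz-list (\S+)"), ("authorization", "network")),
    (re.compile(r"^login authentication (\S+)"), ("authentication", "login")),
    (re.compile(r"^authorization exec (\S+)"), ("authorization", "exec")),
]

def undefined_references(config):
    """Return (line_no, kind, service, name) for each reference to a missing list."""
    lines = [l.strip() for l in config.splitlines()]
    defined = set()
    for line in lines:
        m = DEFINE.match(line)
        if m:
            defined.add(m.groups())
    problems = []
    for no, line in enumerate(lines, 1):
        for pattern, (kind, service) in REFS:
            for name in pattern.findall(line):
                if name != "default" and (kind, service, name) not in defined:
                    problems.append((no, kind, service, name))
    return problems
```

An empty result from `undefined_references()` means every named list that is referenced has a matching definition; references to `default` are not checked.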