Switch Configuration

OcNOS-SP : Layer 2 Guide : Layer 2 Configuration Guide : 802.1X Configuration : Switch Configuration

Switch#configure terminal	Enter configure mode.
Switch(config)#port-security disable	Disable the port-security.
Switch(config)#dot1x system-auth-ctrl	Enable authentication globally.
Switch(config)#interface eth2	Enter interface mode.
Switch(config-if)#switchport	Enable switch port on interface.
Switch(config-if)#dot1x port-control auto	Enable authentication (via Radius) on port (eth2).
Switch(config-if)#exit	Exit interface mode.
Switch(config)#interface eth1	Enter interface mode.
Switch(config-if)#switchport	Enable switch port on interface.
Switch(config-if)#dot1x port-control auto	Enable authentication (via Radius) on port (eth1).
Switch(config-if)#exit	Exit interface mode.
Switch(config)# radius-server dot1x key-string test123	Specify key with string name between radius server and client
Switch(config)#radius-server dot1x host 192.126.12.1	Specify the Radius Server address (192.126.12.1)
Switch(config-radius-server)#exit	Exit from radius server mode.
Switch(config)#interface eth3	Enter interface mode.
Switch(config-if)#ip address 192.126.12.2/24	Set the IP address on interface eth3.
Switch(config-if)# commit	Commit the transaction.
Switch(config-if)#exit	Exit interface mode.

Validation

show dot1x, show dot1x all

#show dot1x all

802.1X Port-Based Authentication Enabled

RADIUS server address: 192.126.12.1:1812

Next radius message id: 0

RADIUS client address: not configured

802.1X info for interface ge1

Supplicant address: 0000.0000.0000

portEnabled: true - portControl: Auto

portStatus: Unauthorized - currentId: 1

protocol version: 2

reAuthenticate: disabled

reAuthPeriod: 3600

abort:F fail:F start:F timeout:F success:F

PAE: state: Connected - portMode: Auto

PAE: reAuthCount: 0 - rxRespId: 0

PAE: quietPeriod: 60 - reauthMax: 2 - txPeriod: 30

BE: state: Invalid - reqCount: 0 - idFromServer: 0

BE: suppTimeout: 30 - serverTimeout: 30

CD: adminControlledDirections: in - operControlledDirections: in

CD: bridgeDetected: false

KR: rxKey: false

KT: keyAvailable: false - keyTxEnabled: false

#show dot1x

802.1X Port-Based Authentication Enabled

RADIUS server address: 192.126.12.1:1812

Next radius message id: 0

RADIUS client address: not configured

Last modified date: 10/12/2023