Use best practices to create standardized naming conventions that describe VLAN purposes and locations (refer to Table 1).Ĭisco-switch(config-vlan)# name "Users and APs"Ĭisco-switch(config-vlan)# name "Untrusted Devices"Ĭisco-switch(config-vlan)# name "VoIP Phones"Ĭisco-switch(config-vlan)# name "Printers"Ĭisco-switch(config-vlan)# name "Security Network" Use the following commands to set the switch to use RADIUS for AAA authentication and accounting:Ĭisco-switch(config)# aaa authentication dot1x default group radiusĬisco-switch(config)# aaa authorization network default group radiusĬisco-switch(config)# aaa accounting dot1x default start-stop group radius 8.Īdd an AAA server for dynamic authorization:Ĭisco-switch(config)# aaa server radius dynamic-authorĬisco-switch(config-locsvr-da-radius)# client 192.0.2.10 server-key aruba 123Ĭisco-switch(config-locsvr-da-radius)# port 3799Ĭisco-switch(config-locsvr-da-radius)# auth-type allĬisco-switch(config-locsvr-da-radius)# exit Run the following command to enable 802.1x:Ĭisco-switch(config)# dot1x system-auth-control 7. The firewall is not blocking the switch-to- Policy Manager server communication.Įnable the new access control commands and functions to include advanced features using the following command:Īdd the Policy Manager server as the RADIUS server with the following commands:Ĭisco-switch(config)# radius-server host 192.0.2.10Ĭisco-switch(config-radius-server)# address ipv4 192.0.2.10Ĭisco-switch(config-radius-server)# key aruba123 The correct IP address for the default-gateway is set. In the event an error is received, verify the following: Success rate is 100 percent(5/5), round-trip min/avg/max = 1/2/8 ms 3. Verify that the Cisco switch can ping the Policy Manager server:
0 kommentar(er)
