Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Define RADIUS Server per Switchport

Afternoon all,

I've been experimenting with dot1x on switchports, we have two seperate systems handling AAA at the moment and one of them is tied into the firewall/webfilter (school environment).

We would like to use the RADIUS server on that appliance to handle AAA for certain switchports in locations with personal devices attached, and then our internal Windows NPS to handle AAA for school devices in locations where personal devices will not be attached.

I found this thread:

https://supportforums.cisco.com/thread/2080794 from 2011 stating that it would not be possible (in the same kind of scenario) is this still the case in IOS 15? Can't find options to do it.

Apologies if this is a stupid question.

Steve

Everyone's tags (3)
2 REPLIES
Cisco Employee

Define RADIUS Server per Switchport

Steve,

Am I correct here?

You want (for example) RADIUS server at 10.1.1.1 to handle switch ports GigabitEthernet 1-24 and RADIUS server 10.2.2.2 handle GigabitEthernet 25-48.

If that's the case, then define multiple authentication methods, and assign those methods to each port as appropriate.

For example:

aaa group server radius RAD1

server 10.1.1.1

aaa group server radius RAD2

server 10.2.2.2

aaa authenticaiton dot1x RAD1 group RADSER1

aaa authentication dot1x RAD2 group RADSER2

Now assign RAD1 to interfaces GigE 1-24 and RAD2 to interfaces GigE 25-48

Javier Henderson

Cisco Systems

New Member

Define RADIUS Server per Switchport

Hi Javier

That is exactly it, thank you! I have come co close - I have the groups, servers and aaa config ready but do not know how to assign RAD1 to GigE 1-24 and RAD2 to interfaces GigE 25-48.

How do you achieve this?

Many thanks

Steve

277
Views
0
Helpful
2
Replies
CreatePlease login to create content