I couldn't find anything relevant, but apologies if it has already been answered.
Is there any way of encrypting the traffic between a switch and a radius server when using radius to authenticate switch logins? As far as I can tell the traffic is passed between the switch and the radius server in plain text by default.
I've not been able to find anything to suggest it is configurable on a switch, seems to render the whole thing useless unless you like sending authentication data in the clear over the network. Doesn't seem like a good idea to me!
It is the client that has to be configured to do any of these methods.
To summarize : the client does an EAP method and the switch forwards those eap packets inside radius to the authentication server.
Radius is usually not secure but since methods like PEAP or EAP-TLS build a secure tunnel, you can't pull much information out of the radius packets (as far as user information are concerned). Radius is encrypted with a shared key so it's already something as well
I think we're talking at cross purposes. I want to use Radius for the switch logins themselves as well as for dot1x via an end user client. I'm looking a for a method of confiuguring the switch to use Radius to check logins to the switch, but for this process to be secured via TLS or PEAP.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...