.. _radius-cisco:
Cisco 네트워í¬ìž¥ë¹„ 기본 RADIUS ì„¤ì • 방법
=========================================
1. 스위치 AAA ì„¤ì •
- 스위치ì—ì„œ AAA 서버(RADIUS)를 등ë¡í•˜ì—¬ 등ë¡í•œ 서버ì—ì„œ ì¸ì¦ì„ ìˆ˜í–‰í• ìˆ˜ 있ë„ë¡í•©ë‹ˆë‹¤.
.. code:: bash
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
aaa session-id common
aaa accounting update newinfo periodic 10
radius server {radius server name}
address ipv4 {radius server ip} auth-port 1812 acct-port 1813
key {radius secret key}
radius-server vsa send authentication
ip radius source-interface X (Layer 3 management interface)
aaa server radius dynamic-author
client
server-key {radius secret key}
port 3799
auth-type any
dot1x system-auth-control
ip device tracking
2. ì¸í„°íŽ˜ì´ìŠ¤ ì„¤ì •
- ê° ì¸í„°íŽ˜ì´ìŠ¤ 802.1x ì„¤ì •ì„ í•˜ì—¬ í¬íŠ¸ì— 장비가 ì—°ê²°ë˜ë©´ ì¸ì¦ì„ 수행하ë„ë¡í•©ë‹ˆë‹¤.
.. code:: bash
dot1x port-control auto
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x max-reauth-req 1
dot1x radius-attributes vlan static
dot1x host-mode multi-auth
.. note:: Cisco IOS ë²„ì „ 별로 ëª…ë ¹ì–´ê°€ 다를 수 있습니다.
.. note:: í¬íŠ¸ì— ì„¤ì •í•˜ëŠ” 타ì´ë¨¸ ë° ì¸ì¦ ëª¨ë“œì— ëŒ€í•œ ìžì„¸í•œ ë‚´ìš©ì€ Cisco 설명서를 참조하시기 ë°”ëžë‹ˆë‹¤.