.. _radius-cisco:

Cisco Switch RADIUS Configuration Settings
============================================

1. Switch AAA and 802.1X Settings

Configure global AAA RADIUS and 802.1X settings, define RADIUS server and enable RADIUS Change of Authorization (CoA).

.. code:: bash

    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    aaa session-id common
    aaa accounting update newinfo periodic 10

    radius server {radius server name}
     address ipv4 {radius server ip} auth-port 1812 acct-port 1813
     key {radius secret key}

    radius-server vsa send authentication
    ip radius source-interface X (Layer 3 management interface)

    aaa server radius dynamic-author
    client

    server-key {radius secret key}

    port 3799
    auth-type any

    dot1x system-auth-control
    ip device tracking

2. Interface 802.1X Settings

Configure 802.1X and mab on the interface along with associated timers and authentication modes.

.. code:: bash

    dot1x port-control auto
    authentication port-control auto
    mab
    dot1x pae authenticator
    dot1x timeout quiet-period 10
    dot1x max-reauth-req 1
    dot1x radius-attributes vlan static
    dot1x host-mode multi-auth

.. note:: Two port-control commands are provided since various Cisco IOS versions use different commands. Choose the appropriate command for your version.
.. note:: "mab" is configured to allow devices that do not support a supplicant to authenticate via MAC Authentication.
.. note:: Refer to Cisco documentation for more information on timers and authentication modes.