Supported Models:
- Cisco SG 300
- Cisco SG 350
- Cisco SG 500
- Cisco Catalyst C1300 (SG Firmware)
Configuration
You can configure a RADIUS with following command:
test-sg300(config)# dot1x system-auth-control
test-sg300(config)# aaa accounting dot1x start-stop group radius
test-sg300(config)# radius-server host 192.168.76.140 key *********.Without Guest VLAN
Per Port Configuration:
test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# dot1x radius-attributes vlan
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addresses
With Guest VLAN
Global Configuration for the Guest VLAN. e.g. VLAN 50
test-sg300(config)# interface vlan 50
test-sg300(config-if)# dot1x guest-vlanPer Port Configuration:
test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x guest-vlan enable
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# dot1x radius-attributes vlan
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addressesAdditional recommended Settings for Cisco SG / Catalyst C1300
Disable the macro feature of the SG globally. It's not compatible with dot1x.
macro auto disabledEnable SNMP
snmp server
snmp location "LOCATION"
snmp community COMMUITY_RO ro