Getting Started Port-Based NAC Switch Settings Cisco SG

Cisco SG

Supported Models:

Cisco SG 300
Cisco SG 350
Cisco SG 500

Configuration

You can configure a RADIUS with following command:

test-sg300(config)# dot1x system-auth-control
test-sg300(config)# aaa accounting dot1x start-stop group radius
test-sg300(config)# radius-server host 192.168.76.140 key *********.

Without Guest VLAN

Per Port Configuration:

test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addresses

With Guest VLAN

Global Configuration for the Guest VLAN. e.g. VLAN 50

test-sg300(config)# interface vlan 50
test-sg300(config-if)# dot1x guest-vlan

Per Port Configuration:

test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x guest-vlan enable
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addresses

Additional recommended Settings for Cisco SG

Disable the macro feature of the SG globally. It's not compatible with dot1x.

macro auto disabled

Enable SNMP

snmp server
snmp location "LOCATION"
snmp community COMMUITY_RO ro