Supported Models:
- Cisco SG 300
- Cisco SG 350
- Cisco SG 500
Configuration
You can configure a RADIUS with following command:
test-sg300(config)# dot1x system-auth-control
test-sg300(config)# aaa accounting dot1x start-stop group radius
test-sg300(config)# radius-server host 192.168.76.140 key *********.Without Guest VLAN
Per Port Configuration:
test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addressesWith Guest VLAN
Global Configuration for the Guest VLAN. e.g. VLAN 50
test-sg300(config)# interface vlan 50
test-sg300(config-if)# dot1x guest-vlanPer Port Configuration:
test-sg300(config)# interface gigabitethernet1
test-sg300(config-if)# dot1x host-mode multi-sessions
test-sg300(config-if)# dot1x guest-vlan enable
test-sg300(config-if)# dot1x reauthentication
test-sg300(config-if)# dot1x authentication mac
test-sg300(config-if)# dot1x port-control auto
test-sg300(config-if)# description PNAC
test-sg300(config-if)# port security mode max-addressesAdditional recommended Settings for Cisco SG
Disable the macro feature of the SG globally. It's not compatible with dot1x.
macro auto disabledEnable SNMP
snmp server
snmp location "LOCATION"
snmp community COMMUITY_RO ro