Cisco ccna
Páginas: 266 (66385 palabras)
Publicado: 24 de mayo de 2010
C H A P T E R
2
Catalyst 2950 and 2955 Cisco IOS Commands
aaa accounting dot1x
Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for IEEE 802.1x sessions. Use the no form of this command to disable IEEE 802.1xaccounting. aaa accounting dot1x {name | default} start-stop {broadcast group {name | radius | tacacs+} [group {name | radius | tacacs+} ... ] | group {name | radius | tacacs+} [group {name | radius | tacacs+} ...]} no aaa accounting dot1x {name | default}
Syntax Description
name default start-stop
Name of a server group. This is optional when you enter it after the broadcast group andgroup keywords. Use the accounting methods that follow as the default list for accounting services. Send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested-user process begins regardless of whether or not the start accounting notice was received by the accounting server.Enable accounting records to be sent to multiple AAA servers and send accounting records to the first server in each group. If the first server is unavailable, the switch uses the list of backup servers to identify the first server. Specify the server group to be used for accounting services. These are valid server group names:
• • •
broadcast
group
name—Name of a server group.radius—List of all RADIUS hosts. tacacs+—List of all TACACS+ hosts.
The group keyword is optional when you enter it after the broadcast group and group keywords. You can enter more than optional group keyword. radius tacacs+ (Optional) Enable RADIUS authorization. (Optional) Enable TACACS+ accounting.
Catalyst 2950 and Catalyst 2955 Switch Command Reference OL-10102-01
2-1
Chapter 2 aaaaccounting dot1x
Catalyst 2950 and 2955 Cisco IOS Commands
Defaults
AAA accounting is disabled.
Command Modes
Global configuration
Command History
Release 12.1(20)EA2
Modification This command was introduced.
Usage Guidelines
This command requires access to a RADIUS server.
Note
We recommend that you enter the dot1x re-authentication interface configuration commandbefore configuring IEEE 802.1x RADIUS accounting on an interface.
Examples
This example shows how to configure IEEE 802.1x accounting:
Switch(config)# aaa new model Switch(config)# aaa accounting dot1x default start-stop group radius
Note
The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client.
Related CommandsCommand aaa authentication dot1x dot1x reauthentication dot1x timeout reauth-period
Description Specifies one or more AAA methods for use on interfaces running IEEE 802.1x. Enables or disables periodic re-authentication. Sets the number of seconds between re-authentication attempts.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
2-2
OL-10102-01
Chapter 2
Catalyst 2950 and2955 Cisco IOS Commands aaa authentication dot1x
aaa authentication dot1x
Use the aaa authentication dot1x global configuration command to specify the authentication, authorization, and accounting (AAA) method to use on ports complying with IEEE 802.1x authentication. Use the no form of this command to disable authentication. aaa authentication dot1x {default} method1 no aaa authenticationdot1x {default}
Syntax Description
default method1
Use the listed authentication method that follows this argument as the default method when a user logs in. Enter the group radius keywords to use the list of all RADIUS servers for authentication.
Note
Though other keywords are visible in the command-line help strings, only the default and group radius keywords are supported....
2
Catalyst 2950 and 2955 Cisco IOS Commands
aaa accounting dot1x
Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to create method lists defining specific accounting methods on a per-line or per-interface basis for IEEE 802.1x sessions. Use the no form of this command to disable IEEE 802.1xaccounting. aaa accounting dot1x {name | default} start-stop {broadcast group {name | radius | tacacs+} [group {name | radius | tacacs+} ... ] | group {name | radius | tacacs+} [group {name | radius | tacacs+} ...]} no aaa accounting dot1x {name | default}
Syntax Description
name default start-stop
Name of a server group. This is optional when you enter it after the broadcast group andgroup keywords. Use the accounting methods that follow as the default list for accounting services. Send a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested-user process begins regardless of whether or not the start accounting notice was received by the accounting server.Enable accounting records to be sent to multiple AAA servers and send accounting records to the first server in each group. If the first server is unavailable, the switch uses the list of backup servers to identify the first server. Specify the server group to be used for accounting services. These are valid server group names:
• • •
broadcast
group
name—Name of a server group.radius—List of all RADIUS hosts. tacacs+—List of all TACACS+ hosts.
The group keyword is optional when you enter it after the broadcast group and group keywords. You can enter more than optional group keyword. radius tacacs+ (Optional) Enable RADIUS authorization. (Optional) Enable TACACS+ accounting.
Catalyst 2950 and Catalyst 2955 Switch Command Reference OL-10102-01
2-1
Chapter 2 aaaaccounting dot1x
Catalyst 2950 and 2955 Cisco IOS Commands
Defaults
AAA accounting is disabled.
Command Modes
Global configuration
Command History
Release 12.1(20)EA2
Modification This command was introduced.
Usage Guidelines
This command requires access to a RADIUS server.
Note
We recommend that you enter the dot1x re-authentication interface configuration commandbefore configuring IEEE 802.1x RADIUS accounting on an interface.
Examples
This example shows how to configure IEEE 802.1x accounting:
Switch(config)# aaa new model Switch(config)# aaa accounting dot1x default start-stop group radius
Note
The RADIUS authentication server must be properly configured to accept and log update or watchdog packets from the AAA client.
Related CommandsCommand aaa authentication dot1x dot1x reauthentication dot1x timeout reauth-period
Description Specifies one or more AAA methods for use on interfaces running IEEE 802.1x. Enables or disables periodic re-authentication. Sets the number of seconds between re-authentication attempts.
Catalyst 2950 and Catalyst 2955 Switch Command Reference
2-2
OL-10102-01
Chapter 2
Catalyst 2950 and2955 Cisco IOS Commands aaa authentication dot1x
aaa authentication dot1x
Use the aaa authentication dot1x global configuration command to specify the authentication, authorization, and accounting (AAA) method to use on ports complying with IEEE 802.1x authentication. Use the no form of this command to disable authentication. aaa authentication dot1x {default} method1 no aaa authenticationdot1x {default}
Syntax Description
default method1
Use the listed authentication method that follows this argument as the default method when a user logs in. Enter the group radius keywords to use the list of all RADIUS servers for authentication.
Note
Though other keywords are visible in the command-line help strings, only the default and group radius keywords are supported....
Leer documento completo
Regístrate para leer el documento completo.