Generic 802.1x commands

dot1x

Syntax

[no] dot1x

Context

config>system>security

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command creates the context to configure 802.1x network access control on the 7210 SAS.

The no form of this command removes the 802.1x configuration.

radius-plcy

Syntax

[no] radius-plcy name [create]

Context

config>system>security>dot1x

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

Commands in this context configure RADIUS server parameters for 802.1x network access control on the 7210 SAS.

Note:

The RADIUS server configured under the config>system>security>dot1x>radius-plcy context authenticates clients who get access to the data plane of the 7210 SAS. By contrast, the RADIUS server configured under the config>system>radius context authenticates CLI login users who get access to the management plane of the 7210 SAS.

The no form of this command removes the RADIUS server configuration for 802.1x.

Parameters

name

Specifies the name of the RADIUS policy, up to 32 characters.

create

This keyword is mandatory to create a RADIUS policy.

retry

Syntax

retry count

no retry

Context

config>system>security>dot1x

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command configures the number of times the router attempts to contact the RADIUS server for authentication if there are problems communicating with the server.

The no form of this command reverts to the default value.

Default

retry 3

Parameters

count

Specifies the retry count.

Values

1 to 10

server

Syntax

server server-index address ip-address secret key [hash | hash2] [auth-port auth-port] [acct-port acct-port] [type server-type]

no server server-index

Context

config>system>security>dot1x>radius-plcy

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command adds a Dot1x server and configures the Dot1x server IP address, index, and key values.

Up to five Dot1x servers can be configured at any one time. Dot1x servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other Dot1x servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.

The no form of this command removes the server from the configuration.

Parameters

server-index

Specifies the index for the Dot1x server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.

Values

1 to 5

address ip-address

Specifies the IP address of the Dot1x server. Two Dot1x servers cannot have the same IP address. An error message is generated if the server address is a duplicate.

secret key

Specifies the secret key to access the Dot1x server. This secret key must match the password on the Dot1x server.

Values

secret-key - 20 characters maximum

hash-key - 33 characters maximum

hash2-key - 55 characters maximum

hash

Specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less complex hash form is assumed.

acct-port acct-port

Specifies the UDP port number on which to contact the RADIUS server for accounting requests.

Values

1 to 65535

auth-port auth-port

Specifies the UDP port number to be used as a match criterion.

Values

1 to 65535

type server-type

Specifies the server type.

Values

authorization, accounting, combined

source-address

Syntax

source-address ip-address

no source-address

Context

config>system>security>dot1x>radius-plcy

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command configures the NAS IP address to be sent in the RADIUS packet.

The no form of this command reverts to the default value.

Default

By default, the system IP address is used in the NAS field.

Parameters

ip-address

Specifies the IP prefix for the IP match criterion in dotted-decimal notation.

Values

a.b.c.d

shutdown

Syntax

[no] shutdown

Context

config>system>security>dot1x

config>system>security>dot1x>radius-plcy

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command administratively disables the 802.1x protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.

The operational state of the entity is disabled, as is the operational state of any entities contained within it.

The no form of this command administratively enables the protocol, which is the default state.

Default

shutdown

timeout

Syntax

timeout seconds

no timeout

Context

config>system>security>dot1x>radius-plcy

Platforms

Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.

Description

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default

timeout 3

Parameters

seconds

Specifies the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer.

Values

1 to 90
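The server, retry and timeout commands above together define how the 7210 SAS walks its 802.1x RADIUS servers. The following Python model is an added example, not Nokia code: it applies the server-index, duplicate-address, retry and timeout range checks described on this page and simulates the lowest-to-highest index walk. That each server is tried retry times, each attempt waiting timeout seconds, before the next index is queried is an assumption drawn from the command descriptions, not a statement from the page.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

MAX_SERVERS = 5  # "Up to five Dot1x servers can be configured"


@dataclass
class RadiusPolicy:
    """Model of config>system>security>dot1x>radius-plcy (added example)."""
    name: str
    retry: int = 3      # default: retry 3   (values 1 to 10)
    timeout: int = 3    # default: timeout 3 (values 1 to 90 seconds)
    servers: Dict[int, str] = field(default_factory=dict)

    def add_server(self, index: int, address: str) -> None:
        """Apply the validation the CLI applies to a server entry."""
        if len(self.name) > 32:
            raise ValueError("radius-plcy name exceeds 32 characters")
        if not 1 <= self.retry <= 10:
            raise ValueError("retry count must be 1 to 10")
        if not 1 <= self.timeout <= 90:
            raise ValueError("timeout must be 1 to 90 seconds")
        if not 1 <= index <= MAX_SERVERS:
            raise ValueError(f"server-index {index} outside 1 to {MAX_SERVERS}")
        if address in self.servers.values():
            raise ValueError(f"duplicate server address {address}")
        self.servers[index] = address

    def authenticate(self, responds: Callable[[str], bool]
                     ) -> Tuple[Optional[str], int, int]:
        """Query servers from lowest to highest index until one responds.

        `responds` stands in for the network: True means the server answered.
        Returns (responding server or None, attempts made, seconds spent
        waiting on attempts that timed out). Assumption: each server gets
        `retry` attempts of `timeout` seconds before the next index is tried.
        """
        attempts, waited = 0, 0
        for index in sorted(self.servers):
            address = self.servers[index]
            for _ in range(self.retry):
                attempts += 1
                if responds(address):
                    return address, attempts, waited  # first response ends the walk
                waited += self.timeout
        return None, attempts, waited

    def worst_case_seconds(self) -> int:
        """Longest a supplicant waits when every configured server is down."""
        return len(self.servers) * self.retry * self.timeout
```

With the defaults and five servers all unreachable, a client waits 5 x 3 x 3 = 45 seconds before the authentication attempt is abandoned, which is the figure to weigh against the retry and timeout values chosen.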