[no] dot1x
config>system>security
This command enables the context to configure 802.1x network access control on the 7705 SAR.
The no form of the command removes the 802.1x configuration.
[no] radius-plcy name [create]
config>system>security>dot1x
This command enables the context to configure RADIUS server parameters for 802.1x network access control on the 7705 SAR.
The RADIUS server configured under the config>system>security>dot1x>radius-plcy context authenticates clients who get access to the data plane of the 7705 SAR. This configuration differs from the RADIUS server configured under the config>system>security>radius context that authenticates CLI login users who get access to the management plane of the 7705 SAR.
The no form of the command removes the RADIUS server configuration for 802.1x.
name: the RADIUS policy name, up to 32 characters
create: keyword required when first creating the configuration context. When the context is created, you can navigate into the context without the create keyword.
retry count
no retry
config>system>security>dot1x
This command configures the number of times the router attempts to contact the RADIUS server for authentication if there are problems communicating with the server.
The no form of the command reverts to the default value.
Default: 3
count: the retry count
server server-index address ip-address secret key [hash | hash2] [auth-port auth-port]
[acct-port acct-port] [type server-type]
no server server-index
config>system>security>dot1x>radius-plcy
This command adds an 802.1x server and configures the IP address, index, and key values.
Up to five 802.1x servers can be configured at any one time. These servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher-indexed server is only queried if no response is received from a lower-indexed server (which implies that the server is not available). If a response from a server is received, no other 802.1x servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.
The no form of the command removes the server from the configuration.
Default: n/a
server-index: the index for the 802.1x server
ip-address: the IP address of the 802.1x server. Each 802.1x server must have a unique IP address. An error message is generated if the server address is a duplicate.
key: the secret key to access the 802.1x server. This secret key must match the password on the 802.1x server.
hash: specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
hash2: specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone. This means that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
auth-port: the UDP port number used to contact the RADIUS server for authentication
acct-port: the UDP port number used to contact the RADIUS server for accounting requests
server-type: the server type
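An added example, not part of the vendor documentation: a Python check for provisioning scripts that applies the limits stated above to radius-plcy and server lines (policy name up to 32 characters, at most five servers, unique server addresses) and flags secrets entered without hash or hash2. The function name and the sample configuration, including its policy name, addresses and keys, are constructed for illustration.

```python
import ipaddress
import shlex

MAX_SERVERS = 5      # "Up to five 802.1x servers can be configured at any one time"
MAX_NAME_LEN = 32    # "the RADIUS policy name, up to 32 characters"

def audit_dot1x_radius(config_text):
    """Return (line_no, message) findings for radius-plcy and server lines."""
    findings = []
    servers = {}                       # server-index -> address, per policy
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tok = shlex.split(raw)         # honours quoted names and keys
        if not tok:
            continue
        if tok[0] == "radius-plcy" and len(tok) > 1:
            servers = {}               # entering a new policy context
            if len(tok[1]) > MAX_NAME_LEN:
                findings.append((line_no, "policy name exceeds 32 characters"))
        elif (tok[0] == "server" and len(tok) >= 6
              and tok[2] == "address" and tok[4] == "secret"):
            index, addr = tok[1], tok[3]
            try:
                addr = str(ipaddress.ip_address(addr))
            except ValueError:
                findings.append((line_no, f"invalid server address {addr}"))
                continue
            # Re-entering the same index replaces that server, so skip it here.
            if any(a == addr for i, a in servers.items() if i != index):
                findings.append((line_no, f"duplicate server address {addr}"))
            servers[index] = addr
            if len(servers) > MAX_SERVERS:
                findings.append((line_no, "more than five servers in policy"))
            # The token after the key is hash or hash2 when the key is encrypted.
            if len(tok) < 7 or tok[6] not in ("hash", "hash2"):
                findings.append((line_no, "secret entered in clear text"))
    return findings

# Constructed sample; the name, addresses and keys are placeholders.
SAMPLE = '''\
radius-plcy "dot1x-campus" create
    server 1 address 192.0.2.10 secret "PLACEHOLDER-HASH2" hash2
    server 2 address 192.0.2.11 secret "lab-secret" auth-port 1812
    server 3 address 192.0.2.10 secret "PLACEHOLDER-HASH2" hash2
    retry 3
    timeout 5
    no shutdown
'''

if __name__ == "__main__":
    for line_no, msg in audit_dot1x_radius(SAMPLE):
        print(f"line {line_no}: {msg}")
```
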
source-address ip-address
no source-address
config>system>security>dot1x>radius-plcy
This command configures the NAS IP address to be sent in the RADIUS packet.
The no form of the command reverts to the default value.
Default: system IP address
ip-address: the source address of the RADIUS packet in dotted-decimal notation
[no] shutdown
config>system>security>dot1x
config>system>security>dot1x>radius-plcy
This command administratively disables the 802.1x protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.
The operational state of the entity is disabled as well as the operational state of any entities contained within.
The no form of the command administratively enables the protocol.
Default: shutdown
timeout seconds
no timeout
config>system>security>dot1x>radius-plcy
This command configures the number of seconds the router waits for a response from a RADIUS server.
The no form of the command reverts to the default value.
Default: 5
seconds: the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer