Instruction Manual
Table Of Contents
- Preface
- Chapter 1. Using the CLI
- Chapter 2. ACL Commands
- Chapter 3. AAA Commands
- Chapter 4. Address Table Commands
- bridge address
- bridge multicast filtering
- bridge multicast address
- bridge multicast forbidden address
- bridge multicast unregistered
- bridge multicast forward-all
- bridge multicast forbidden forward-all
- bridge aging-time
- clear bridge
- port security
- port security mode
- port security max
- port security routed secure-address
- show bridge address-table
- show bridge address-table static
- show bridge address-table count
- show bridge multicast address-table
- show bridge multicast address-table static
- show bridge multicast filtering
- show bridge multicast unregistered
- show ports security
- show ports security addresses
- Chapter 5. Clock Commands
- clock set
- clock source
- clock timezone
- clock summer-time
- sntp authentication-key
- sntp authenticate
- sntp trusted-key
- sntp client poll timer
- sntp broadcast client enable
- sntp anycast client enable
- sntp client enable (Interface)
- sntp unicast client enable
- sntp unicast client poll
- sntp server
- show clock
- show sntp configuration
- show sntp status
- Chapter 6. Configuration and Image File Commands
- Chapter 7. DHCP Snooping Commands
- ip dhcp snooping
- ip dhcp snooping vlan
- ip dhcp snooping trust
- ip dhcp snooping information option allowed-untrusted
- ip dhcp snooping verify
- ip dhcp snooping database
- ip dhcp snooping database update-freq
- ip dhcp snooping binding
- clear ip dhcp snooping database
- show ip dhcp snooping
- show ip dhcp snooping binding
- Chapter 8. Ethernet Configuration Commands
- interface ethernet
- interface range ethernet
- shutdown
- description
- speed
- duplex
- negotiation
- flowcontrol
- mdix
- back-pressure
- system flowcontrol
- clear counters
- set interface active
- show interfaces advertise
- show interfaces configuration
- show interfaces status
- show interfaces description
- show interfaces counters
- port storm-control include-multicast (IC)
- port storm-control broadcast enable
- port storm-control broadcast rate
- show ports storm-control
- Chapter 9. GVRP Commands
- Chapter 10. IGMP Snooping Commands
- ip igmp snooping (Global)
- ip igmp snooping (Interface)
- ip igmp snooping mrouter learn-pim-dvmrp
- ip igmp snooping host-time-out
- ip igmp snooping querier enable
- ip igmp snooping querier address
- ip igmp snooping querier version
- ip igmp snooping mrouter-time-out
- ip igmp snooping leave-time-out
- show ip igmp snooping mrouter
- show ip igmp snooping interface
- show ip igmp snooping groups
- Chapter 11. IP Addressing Commands
- Chapter 12. IPv6 Addressing Commands
- Chapter 13. Line Commands
- Chapter 14. DHCP Option 82 Commands
- Chapter 15. IP DHCP Relay
- Chapter 16. LACP Commands
- Chapter 17. LLDP Commands
- lldp enable (global)
- lldp enable (interface)
- lldp timer
- lldp hold-multiplier
- lldp reinit-delay
- lldp tx-delay
- lldp optional-tlv
- lldp management-address
- lldp notifications
- lldp med enable
- lldp med network-policy (global)
- lldp med network-policy (interface)
- lldp med location
- clear lldp rx
- show lldp configuration
- show lldp med configuration
- show lldp local
- show lldp neighbors
- Chapter 18. Login Banner Commands
- Chapter 19. Management ACL Commands
- Chapter 20. PHY Diagnostics Commands
- Chapter 21. Port Channel Commands
- Chapter 22. Port Monitor Commands
- Chapter 23. Power over Ethernet Commands
- Chapter 24. QoS Commands
- Chapter 25. Radius Commands
- Chapter 26. RMON Commands
- Chapter 27. SNMP Commands
- snmp-server community
- snmp-server view
- snmp-server group
- snmp-server user
- snmp-server engineID local
- snmp-server enable traps
- snmp-server filter
- snmp-server host
- snmp-server v3-host
- snmp-server trap authentication
- snmp-server contact
- snmp-server location
- snmp-server set
- show snmp
- show snmp engineid
- show snmp views
- show snmp groups
- show snmp filters
- show snmp users
- Chapter 28. Spanning-Tree Commands
- spanning-tree
- spanning-tree mode
- spanning-tree forward-time
- spanning-tree hello-time
- spanning-tree max-age
- spanning-tree priority
- spanning-tree disable
- spanning-tree cost
- spanning-tree port-priority
- spanning-tree portfast
- spanning-tree link-type
- spanning-tree pathcost method
- spanning-tree bpdu
- spanning-tree guard root
- spanning-tree bpduguard
- clear spanning-tree detected-protocols
- spanning-tree mst priority
- spanning-tree mst max-hops
- spanning-tree mst port-priority
- spanning-tree mst cost
- spanning-tree mst configuration
- instance (mst)
- name (mst)
- revision (mst)
- show (mst)
- exit (mst)
- abort (mst)
- show spanning-tree
- Chapter 29. SSH Commands
- Chapter 30. Syslog Commands
- Chapter 31. TACACS+ Commands
- Chapter 32. Tunnel Commands
- Chapter 33. System Management Commands
- Chapter 34. User Interface Commands
- Chapter 35. VLAN Commands
- vlan database
- vlan
- interface vlan
- interface range vlan
- name
- switchport protected
- switchport mode
- switchport access vlan
- switchport trunk allowed vlan
- switchport trunk native vlan
- switchport general allowed vlan
- switchport general pvid
- switchport general ingress-filtering disable
- switchport general acceptable-frame-type tagged-only
- switchport general map macs-group vlan
- map mac macs-group
- show vlan macs-group
- switchport forbidden vlan
- ip internal-usage-vlan
- show vlan
- show vlan internal usage
- show interfaces switchport
- Chapter 36. Web Server Commands
- Chapter 37. 802.1x Commands
- aaa authentication dot1x
- dot1x system-auth-control
- dot1x port-control
- dot1x re-authentication
- dot1x timeout re-authperiod
- dot1x re-authenticate
- dot1x timeout quiet-period
- dot1x timeout tx-period
- dot1x max-req
- dot1x timeout supp-timeout
- dot1x timeout server-timeout
- show dot1x
- show dot1x users
- show dot1x statistics
- dot1x auth-not-req
- dot1x guest-vlan
- dot1x single-host-violation
- dot1x mac-authentication
- show dot1x advanced
- dot1x guest-vlan enable
- dot1x guest-vlan timeout
- dot1x radius-attributes vlan
- Index

AAA Commands
Page 48
Parameters
•
radius — Accounting is performed by a RADIUS server.
Default Configuration
Disabled.
Command Mode
Global Configuration.
User Guidelines
•
This command enables the recording of 802.1x sessions.
• If accounting is activated, the device sends a Start/Stop message to a RADIUS server when a user
logs in/logs out to the network, respectively. The software sends Start/Stop messages for each authenticated
supplicant.
• The device uses the configured priorities of the available RADIUS servers to select the RADIUS server to
use.
• If a new supplicant replaces an old supplicant (even if the port state remains authorized), the software sends
a Stop message for the old supplicant and a Start message for the new supplicant.
• The software does not send Start/Stop messages if the port is force-authorized.
• The software does not send Start/Stop messages for hosts that are sending traffic on the guest VLAN or on
the unauthenticated VLANs.
• The following table describes the supported RADIUS accounting Attribute Values when they are sent by the
switch:
Example
The following example defines the accounting of 802.1x sessions sessions to a RADIUS server.
Name Start Stop Description
User-Name (1) Yes Yes The user identity.
NAS-IP-Address (4) Yes Yes The switch IP address that is used for the session
with the RADIUS server.
NAS-Port (5) Yes Yes The switch port from where the supplicant logged in.
Class (25) Yes Yes An arbitrary value is included in all accounting
packets for a specific session.
Called-Station-ID (30) Yes Yes The switch MAC address.
Calling-Station-ID (31) Yes Yes The supplicant MAC address.
Acct-Session-ID (44) Yes Yes A unique accounting identifier.
Acct-Authentic (45) Yes Yes Indicates how the supplicant was authenticated.
Acct-Session-Time (46) No Yes Indicates how long the user was logged in.
Acct-Terminate-Cause (49) No Yes Reports why the session was terminated.
Nas-Port-Type (61) Yes Yes Indicates the supplicant physical port type.
Console(config)#
aaa accounting dot1x
radius