Scenario:
Make: Dell Switches
Model: N4032, N2048, etc
Server: Radius Server 2012, 2016, 2019
Description: In this article, we will discuss a stepwise method of how to bypass or authorize or unauthorize Radius on an interface of the Dell switch. This configuration is valid for other Dell switch models as well.
RADIUS is an authentication method that can be configured on the Dell switches to manage the client authentication. Radius configuration on Dell switch provides an additional layer of security. It is always recommended to have redundancy in the network infrastructure to avoid any downtime. Hence RADIUS Fail-over Configuration on Dell Switches is recommended.
The general configuration of an interface is shown below where the radius is configured as auto.
interface gigabitethernet 1/0/1
switchport voice detect auto
description "2 Devices can connect"
spanning-tree portfast
switchport mode general
dot1x port-control auto
dot1x reauthentication
dot1x timeout re-authperiod 86400
dot1x unauth-vlan 200
dot1x max-users 2
dot1x mac-auth-bypass
1. Bypass or Remove RADIUS Authentication
In this section, we will discuss how to “Bypass RADIUS Authentication” on a switch interface. Considering here the switch port is configured with default Radius configuration as shown above.
Step1: Login
Login into the switch and navigate to configuration mode.
login as: edledge
Password:edlege.com
edledge-switch>en
Password:edledge.com
edledge-switch#
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#
Step2: Remove Radius Config
Bypass or remove the RADIUS configuration using the command shown below.
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#int gig 1/0/1
edledge-switch(config-if)#no dot1x port-control
edledge-switch(config-if)#exit
edledge-switch(config)#
2. Force Authorize RADIUS Authentication
In this section, we will discuss how to “Force Authorize RADIUS Authentication” on a switch interface.
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#int gig 1/0/1
edledge-switch(config-if)#switchport access vlan 5
edledge-switch(config-if)#dot1x port-control force-authorized
edledge-switch(config-if)#exit
edledge-switch(config)#
3. Force Unauthorize RADIUS Authentication
In this section, we will discuss how to “Force Unauthorize RADIUS Authentication” on a switch interface.
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#int gig 1/0/1
edledge-switch(config-if)#dot1x port-control force-unauthorized
edledge-switch(config-if)#exit
edledge-switch(config)#
4. mac-based RADIUS Authentication
In this section, we will discuss how to “mac-based Authorize RADIUS Authentication” on a switch interface.
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#int gig 1/0/1
edledge-switch(config-if)#dot1x port-control mac-based
edledge-switch(config-if)#exit
edledge-switch(config)#
5. Auto RADIUS Authentication
In this section, we will discuss how to “auto Authorize RADIUS Authentication” on a switch interface.
edledge-switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
edledge-switch(config)#int gig 1/0/1
edledge-switch(config-if)#dot1x port-control auto
edledge-switch(config-if)#exit
edledge-switch(config)#
Using the above methods we can change the RADIUS authentication as per our requirement.
RADIUS is considered to be one of the good options to maintain the authentication of clients and improve security. RADIUS configuration on Ubiquiti Unifi is also easy and useful. Refer to the attached article if you are looking to change the SSH version of Cisco Switch. Also if you are looking to upgrade the firmware of the Dell switch stack or the firmware upgrade of standalone Dell switch.
Source: Cisco, Lab, Knowledge Base
EA00082