Model

ECS4110-28P

1. Configure the freeRADIUS server

vi /etc/freeradius/client.conf 

  client 192.168.1.0/24 {
     secret = testing123
     shortname = private-network-1
  }

vi /etc/freeradius/eap.conf

default_eap_type = md5

vi /etc/freeradius/users

test User-Password := "test"
     Framed-Filter-Id = "rate-limit-input=12345;switchport-priority-default=3;"

NOTE:

The RADIUS server may optionally return dynamic QoS assignments to be applied to a switch port for an authenticated user. The "Filter-ID" attribute (attribute 11) can be configured on the RADIUS server to pass the following QoS information:

p.s. Refer the management guide manual.

2. Set IP address on VLAN 1

Console#conf
Console(config)#interface vlan 1
Console(config-if)#ip address 192.168.1.1 255.255.255.0
Console(config-if)#exit

3. Specifies the RADIUS servers and the corresponding secret key

Console(config)#radius-server 1 host 192.168.1.13 key testing123

4. Enables dot1x globally on the switch

Console(config)#dot1x system-auth-control

5. Enables dot1x mode and dynamic QoS feature on port 1

Console(config)#interface ethernet 1/11
Console(config-if)#dot1x port-control auto
Console(config-if)#network-access dynamic-qos
Console(config-if)#exit
Console(config)#

6. Enables authentication methods with the MD5-Challenge on the TESTPC1's network card.

p.s. How to re-enable EAP-MD5 support in versions of Windows Vista or Windows 7 ?

http://support.microsoft.com/kb/922574/en-us

7. Connect the PC to the switch port 1 then click the pop-up message.

8. Enter the username and password.

9. Check the result.

Console#show interfaces switchport ethernet 1/11