Ethernet 802.x1 configuration – Arista
In this topic, you will learn how to configure Arista switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for wired Ethernet connections.
Warning: This configuration might not work on all Arista models and firmware versions. To get the most accurate and
current configuration guidance on switch 802.1X configuration, we strongly recommend that you refer to the documentation
provided by Arista Networks on these topics for your particular device model and firmware version.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual
RADIUS server addresses, ports, and keys, as well as device interfaces, limits, and VLANs, by replacing the values that are
presented as underlined italics.
-
Specify RADIUS servers for authentication and accounting using the data of the Portnox
Cloud US and EU RADIUS servers.
radius-server host 20.119.69.248 key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
aaa group server radius PORTNOX
server 20.119.69.248 auth-port 10322 acct-port 10323
server 52.232.122.157 auth-port 10476 acct-port 10477
aaa authentication dot1x default group PORTNOX
aaa accounting dot1x default start-stop group PORTNOX
- Optional:
Verify the configuration if needed.
show dot1x radius
RADIUS Server Status Time -------------------- ------------ ----------- 20.119.69.248:10322 active n/a 52.232.122.157:10476 active n/a
-
Enable dynamic authorization (required for CoA).
-
Enable 802.1X globally.
dot1x system-auth-control
dot1x protocol lldp bypass
dot1x dynamic-authorization
-
Configure the interface to use EAPoL authentication.
- Optional:
Verify the configuration.
show dot1x interface Ethernet18
Dot1X Information for Ethernet18 -------------------------------------------- Port control: auto Forced phone authorization: disabled EAPOL: enabled (...)
Here is the entire example configuration for your convenience:
radius-server host 20.119.69.248 key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
!
aaa group server radius PORTNOX
server 20.119.69.248 auth-port 10322 acct-port 10323
server 52.232.122.157 auth-port 10476 acct-port 10477
!
aaa authentication dot1x default group PORTNOX
aaa accounting dot1x default start-stop group PORTNOX
!
radius-server dynamic-authorization port 3799
radius-server dynamic-authorization portnox-server
!
dot1x system-auth-control
dot1x protocol lldp bypass
dot1x dynamic-authorization
!
interface Ethernet18
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host authenticated