Listing 1: Privater Schlüssel und CSR für RadSec

SW-ACC-1#security pki key generate rsa 4096 SW-ACC-1.key
SW-ACC-1(config)#security pki certificate generate signing-request key SW-ACC-1.key
SW-ACC-1#scp SW-ACC-1.pem radsec_ca_certificate.pem <user>@<switch-ip>:/mnt/flash
SW-ACC-1#copy flash:SW-ACC-1.pem certificate:
SW-ACC-1#copy flash:radsec_ca_certificate.pem certificate:
SW-ACC-1(config)#management security
SW-ACC-1(config-mgmt-security)#ssl profile agni-server
SW-ACC-1(config-mgmt-sec-ssl-profile-server)#certificate SW-ACC-1.pem key SW-ACC-1.key
SW-ACC-1(config-mgmt-sec-ssl-profile-server)#trust certificate radsec_ca_certificate.pem


Listing 2: Konfiguration von RadSec

SW-ACC-1(config)#radius-server host beta.agni.arista.io tls ssl-profile agni-server
SW-ACC-1(config)#aaa group server radius agni-server-group
SW-ACC-1(config-sg-radius-agni-server-group)# server beta.agni.arista.io tls
SW-ACC-1(config)#aaa authentication dot1x default group radius
SW-ACC-1(config)#aaa accounting dot1x default start-stop group radius


Listing 3: Aktivierung von 802.1X

SW-ACC-1(config)# dot1x system-auth-control
SW-ACC-1(config)# interface Ethernet1
SW-ACC-1(config-if-Et1)# switchport mode access
SW-ACC-1(config-if-Et1)# dot1x pae authenticator
SW-ACC-1(config-if-Et1)# dot1x port-control auto