Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter       Configuring Identity Features on Layer 3 Interface
Verifying Authentication Control-Direction Setting-in
Use the show authentication sessions and show dot1x commands to verify the authentication 
control-direction setting-in:
c1921#show authentication sessions interface gi0/1
            Interface:  GigabitEthernet0/1
          MAC Address:  0201.0201.0201
           IP Address:  Unknown
            User-Name:  testUser1
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  single-host
     Oper control dir:  in
        Authorized By:  Authentication Server
           Vlan Group:  N/A
         AAA Policies:  
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  030303030000000C00310024
      Acct Session ID:  0x0000000F
               Handle:  0x8C00000D
Runnable methods list:
       Method   State
       dot1x    Authc Success
c1921#show dot1x interface g0/1                   
Dot1x Info for GigabitEthernet0/1
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = In
HostMode                  = SINGLE_HOST
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30
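The following Python script is an added example, not part of the Cisco guide. It parses saved output of the two commands above and reports when the operational control direction, the configured ControlDirection, or the session status differs from what is expected. The function names and the embedded sample text (constructed from the output shown above) are assumptions of this example.

```python
# Constructed sample input: excerpts of the two command outputs shown above.
SESSIONS_OUTPUT = """\
            Interface:  GigabitEthernet0/1
           MAC Address:  0201.0201.0201
             User-Name:  testUser1
                Status:  Authz Success
        Oper host mode:  single-host
      Oper control dir:  in
Runnable methods list:
       Method   State
       dot1x    Authc Success
"""
DOT1X_OUTPUT = """\
Dot1x Info for GigabitEthernet0/1
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = In
HostMode                  = SINGLE_HOST
"""

def parse_fields(text, sep):
    """Return {lower-cased key: value} for every 'key <sep> value' line."""
    fields = {}
    for line in text.splitlines():
        key, found, value = line.partition(sep)
        if found and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def check_control_direction(sessions_text, dot1x_text, expected="in"):
    """Return a list of findings; an empty list means the outputs match."""
    sess = parse_fields(sessions_text, ":")   # 'show authentication sessions'
    dot1x = parse_fields(dot1x_text, "=")     # 'show dot1x interface'
    oper = sess.get("oper control dir", "").lower()
    conf = dot1x.get("controldirection", "").lower()
    status = sess.get("status", "")
    findings = []
    if oper != expected:
        findings.append("Oper control dir is %r, expected %r" % (oper, expected))
    if conf != expected:
        findings.append("ControlDirection is %r, expected %r" % (conf, expected))
    if status != "Authz Success":
        findings.append("Status is %r, expected 'Authz Success'" % status)
    return findings

if __name__ == "__main__":
    for finding in check_control_direction(SESSIONS_OUTPUT, DOT1X_OUTPUT):
        print("MISMATCH:", finding)
```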
Preauthentication Access Control List
When Open-Access is installed, we recommend configuring a default port access control list (ACL) 
on the authenticator. The ACL gives the endpoint the minimum network access it needs 
to obtain its IP address and start running.
Configuring the Preauthentication Access Control List
For information about preconfiguring ACL, see:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/port_acls.html#wp1039754