9-60
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring NEAT with ASP
You can also use an AutoSmart Ports user-defined macro instead of the switch VSA to configure the
authenticator switch. For more information, see the Chapter 12, “Configuring Smartports Macros.”
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more
information, see the Cisco Secure ACS configuration guides.
Note You must configure a downloadable ACL on the ACS before downloading it to the switch.
After authentication on the port, you can use the show ip access-list privileged EXEC command to
display the downloaded ACLs on the port.
Configuring Downloadable ACLs
The policies take effect after client authentication and the client IP address addition to the IP device
tracking table. The switch then applies the downloadable ACL to the port.
Beginning in privileged EXEC mode:
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip device tracking Configure the ip device tracking table.
Step 3
aaa new-model Enables AAA.
Step 4
aaa authorization network default group
radius
Sets the authorization method to local. To remove the
authorization method, use the no aaa authorization network
default group radius command.
Step 5
radius-server vsa send authentication Configure the radius vsa send authentication.
Step 6
interface interface-id Specify the port to be configured, and enter interface
configuration mode.
Step 7
ip access-group acl-id in Configure the default ACL on the port in the input direction.
Note The acl-id is an access list name or number.
Step 8
show running-config interface interface-id Verify your configuration.
Step 9
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page