49-46
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 49      Configuring 802.1X Port-Based Authentication
Per-User ACL and Filter-ID ACL
Prior to Cisco IOS Release 12.2(52)SG, the Catalyst 4500 platform supported only downloadable ACLs, which work with the Cisco ACS server but not with third-party AAA servers. Beginning with Cisco IOS Release 12.2(52)SG, the Catalyst 4500 switch offers the Filter-ID/Per-user-ACL enhancement, which allows ACL policy enforcement using a third-party AAA server.
The Filter-ID feature provides the following capability:
Filter-ID allows an administrator to specify the name of an ACL on the AAA server using the IETF standard RADIUS Filter-Id attribute (attribute 11). The AAA server supplies only the name; the ACL itself must be preconfigured locally on the switch.
The Per-user-ACL feature provides the following capability:
Per-user ACL allows an administrator to define the ACL entries themselves on the AAA server using Cisco RADIUS AV pairs (the cisco-avpair vendor-specific attribute, with entries of the form ip:inacl#<n>=<ace>). A third-party AAA server interoperates by loading the Cisco RADIUS dictionary, which defines the Cisco AV pairs as a VSA.
Note RADIUS vendor-specific attributes (VSAs) allow vendors to support their own proprietary RADIUS attributes that are not included in the standard RADIUS attributes.
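As an added example, not part of the Cisco guide, the following Python script shows what the two mechanisms look like on the wire. It encodes the attribute list of a RADIUS Access-Accept carrying a standard Filter-Id (attribute 11) and Cisco VSAs (attribute 26, vendor ID 9, sub-attribute 1, cisco-avpair) with ip:inacl# entries, decodes the bytes back, and then applies the switch-side rule the text states: a Filter-Id name must match an ACL already configured on the switch, while per-user ACEs arrive fully formed from the server. The ACL names, ACEs, user name and the FreeRADIUS-style users entry in the comment are constructed for the example; recording an unknown Filter-Id as an error and packing one sub-attribute per VSA are this example's choices, not statements about switch behaviour.

```python
"""Encode/decode the RADIUS attributes behind Filter-ID and per-user ACL
authorization, then apply the switch-side matching rule.  Added example;
names and policies are constructed, not taken from the Cisco guide."""
import struct

# RFC 2865 attribute types and Cisco's IANA enterprise number
RADIUS_FILTER_ID = 11
RADIUS_VENDOR_SPECIFIC = 26
CISCO_VENDOR_ID = 9
CISCO_AVPAIR = 1          # "cisco-avpair" sub-attribute in the Cisco dictionary

# A FreeRADIUS-style users entry that would produce the attributes below
# (constructed for this example, not a real deployment):
#   alice  Cleartext-Password := "s3cret"
#          Filter-Id = "pacl-4",
#          Cisco-AVPair = "ip:inacl#1=permit udp any any eq 53",
#          Cisco-AVPair = "ip:inacl#2=deny ip any any"


def encode_filter_id(acl_name):
    """Standard attribute layout: Type(1) Length(1) Value(Length-2)."""
    value = acl_name.encode()
    if len(value) > 253:                     # Length is one byte, max 255
        raise ValueError("attribute value too long")
    return struct.pack("!BB", RADIUS_FILTER_ID, 2 + len(value)) + value


def encode_cisco_avpair(avpair):
    """Vendor-Specific layout: Type=26, Length, Vendor-Id(4), then one
    vendor sub-attribute: Vendor-Type(1), Vendor-Length(1), value."""
    value = avpair.encode()
    if len(value) > 247:                     # 255 - 2 (hdr) - 4 (vendor) - 2 (sub hdr)
        raise ValueError("VSA value too long")
    sub = struct.pack("!BB", CISCO_AVPAIR, 2 + len(value)) + value
    return struct.pack("!BBI", RADIUS_VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub


def decode_attributes(data):
    """Parse a RADIUS attribute list into (type, vendor_id, vendor_type, value)
    tuples; vendor fields are None for standard attributes.  Length fields are
    checked so a truncated or oversized attribute raises instead of reading
    past the buffer (one sub-attribute per VSA is assumed here)."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        value = data[pos + 2:pos + alen]
        if atype == RADIUS_VENDOR_SPECIFIC:
            if len(value) < 6:
                raise ValueError("truncated VSA")
            vendor_id = struct.unpack("!I", value[:4])[0]
            vtype, vlen = value[4], value[5]
            if vlen < 2 or 4 + vlen > len(value):
                raise ValueError("bad VSA sub-attribute length")
            out.append((atype, vendor_id, vtype, value[6:4 + vlen]))
        else:
            out.append((atype, None, None, value))
        pos += alen
    return out


def resolve_acl(attrs, local_acls):
    """Apply the rule from the text: a Filter-Id names an ACL that must already
    exist on the switch (local_acls maps name -> list of ACEs); cisco-avpair
    ip:inacl#N entries carry the ACEs themselves and are assembled in order of
    N.  An unknown Filter-Id is recorded as an error (the example's choice)."""
    result = {"filter_id": None, "filter_id_acl": None, "per_user_aces": [], "errors": []}
    per_user = {}
    for atype, vendor_id, vtype, value in attrs:
        if atype == RADIUS_FILTER_ID:
            name = value.decode(errors="replace")
            result["filter_id"] = name
            if name in local_acls:
                result["filter_id_acl"] = local_acls[name]
            else:
                result["errors"].append("Filter-Id %r is not configured on the switch" % name)
        elif atype == RADIUS_VENDOR_SPECIFIC and vendor_id == CISCO_VENDOR_ID and vtype == CISCO_AVPAIR:
            text = value.decode(errors="replace")
            if not text.startswith("ip:inacl#"):
                continue                     # other AV pairs are not ACL policy
            seq, sep, ace = text[len("ip:inacl#"):].partition("=")
            if not sep or not seq.isdigit() or not ace.strip():
                result["errors"].append("malformed per-user ACL entry %r" % text)
                continue
            per_user[int(seq)] = ace.strip()
    result["per_user_aces"] = [per_user[n] for n in sorted(per_user)]
    return result


def example_access_accept():
    """Attribute list of the constructed Access-Accept for user 'alice'."""
    return (encode_filter_id("pacl-4")
            + encode_cisco_avpair("ip:inacl#1=permit udp any any eq 53")
            + encode_cisco_avpair("ip:inacl#2=deny ip any any"))


if __name__ == "__main__":
    local_acls = {"pacl-4": ["permit ip any any"]}      # ACL preconfigured on the switch
    print(resolve_acl(decode_attributes(example_access_accept()), local_acls))
    print(resolve_acl(decode_attributes(encode_filter_id("no-such-acl")), local_acls))
```

The second call in the script is the failure case worth checking before rollout: if the name the server sends is not an ACL already present in the switch configuration, the Filter-Id cannot be honoured, which is why the text requires the ACL to be preconfigured locally.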
Configuring the Switch
To configure the switch for per-user ACL and filter-ID ACL:
Step 1 Configure the IP device tracking table.
Switch(config)# ip device tracking
Step 2 Configure a static ACL on the interface (the ACL must already exist on the switch).
Switch(config)# int g2/9
Switch(config-if)# ip access-group pacl-4 in
Interface Configuration Example
Switch# show running-config interface g2/9
Building configuration...
 
Current configuration : 617 bytes
!
interface GigabitEthernet2/9
 switchport
 switchport access vlan 29
 switchport mode access
 switchport voice vlan 1234
 access-group mode prefer port
 ip access-group pacl-4 in 
 speed 100
 duplex full
 authentication event fail action authorize vlan 111
 authentication event server dead action authorize vlan 333
 authentication event server alive action reinitialize  
 authentication host-mode multi-auth
 authentication order dot1x
 authentication port-control auto
 authentication timer restart 100
 authentication timer reauthenticate 20