49-47
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
authentication timer inactivity 200
mab eap
dot1x pae authenticator
end
Switch#
Switch# show ip access-list pacl-4
10 permit ip host 1.1.1.1 host 2.2.2.2
20 permit icmp host 1.1.1.1 host 2.2.2.2
Switch#
Per-User ACL Configuration in ACS
In the Group/User Setting page, scroll down to the Cisco IOS/PIX 6.x RADIUS Attributes section. Select the box next to
[009\001 cisco-av-pair] and enter the elements of the per-user ACL. Per-user ACLS take this format:
protocol_#:inacl# sequence number=ACE
protocol Either
ip (for IP-based ACLs) or mac (for MAC-based ACLs)
Figure 49-12 shows how members of the group you are configuring are denied all access to the 10.100.60.0 subnet, are denied
HTTP access to the server at 10.100.10.116, and are permitted everywhere else.
To Next Page
Loading...
