54-3
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 54 Auto Identity
Information About Auto Identity
Switch(config-radius-server)# end
The AI_GLOBAL_CONFIG_TEMPLATE automatically configures the following commands:
dot1x system-auth-control
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting identity default start-stop group radius
aaa accounting system default start-stop group radius
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 6 voice 1
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
Auto Identity Interface Templates
The following interface templates are available in the Auto Identity feature:
• AI_MONITOR_MODE—Passively monitors sessions that have authentication in open mode.
• AI_LOW_IMPACT_MODE—Similar to monitor mode, but with a configured static policy such as
a port access control list (PACL).
• AI_CLOSED_MODE—Secure mode in which data traffic is not allowed into the network, until
authentication is complete. This mode is the default.
The following commands are inbuilt in the AI_MONITOR_MODE:
switchport mode access
access-session port-control auto
access-session host-mode multi-auth
dot1x pae authenticator
mab
service-policy type control subscriber AI_DOT1X_MAB_POLICIES
The following commands are inbuilt in the AI_LOW_IMPACT_MODE:
switchport mode access
access-session port-control auto
access-session host-mode multi-auth
dot1x pae authenticator
mab
ip access-group AI_PORT_ACL in
service-policy type control subscriber AI_DOT1X_MAB_POLICIES
The following commands are inbuilt in the AI_CLOSED_MODE:
switchport mode access
access-session closed
access-session port-control auto
access-session host-mode multi-auth
dot1x pae authenticator
mab
service-policy type control subscriber AI_DOT1X_MAB_POLICIES
To Next Page
Loading...
