46-45
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
dot1x pae authenticator
end
Switch#
Switch# show access-list pacl-4
10 permit ip host 1.1.1.1 host 2.2.2.2
20 permit icmp host 1.1.1.1 host 2.2.2.2
Switch#
Verify URL-redirect by using the following commands.
The show ip device tracking command displays the constraints on the IP device tracking table:
Switch(config)# show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
--------------------------------------------------------------
IP Address MAC Address Interface STATE
--------------------------------------------------------------
50.0.0.12 0015.60a4.5e84 GigabitEthernet2/9 ACTIVE
The show authentication sessions interface details command displays the URL-redirect-acl and
URL-redirect URL information that downloads from the ACS:
Switch-2033# show authentication sessions int G1/0/7 details
Interface: GigabitEthernet1/0/7
MAC Address: 2c54.2d6a.0344
IPv6 Address: Unknown
IPv4 Address: 7.7.7.17
User-Name: 2C-54-2D-6A-03-44
Status: Authorized
Domain: DATA
Oper host mode: multi-auth
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A4046D50000009502F03C4B
Acct Session ID: 0x000000D9
Handle: 0x0700005A
Current Policy: POLICY_Et0/0
Local Policies:
Server Policies:
URL Redirect: www.cisco.com
URL Redirect ACL: urlacl
Method status list:
Method State
mab Authc Success
For more information about AV pairs that are supported by Cisco IOS software, see the
ACS configuration and command reference documentation about the software releases running on the
AAA clients.
Guideline for DACL and URL Redirect
For downloadable ACL or URL redirect, the ACL source must be ANY
(permit TCP ANY host 1.1.1.1 eq 80 or permit TCP ANY host 1.1.1.1 eq 443).
To Next Page
Loading...
