231
Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication with Downloadable ACLs and Redirect
URLs
In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more information, see
the Cisco Secure ACS configuration guides.
Note: You must configure a downloadable ACL on the ACS before downloading it to the switch.
Configuring Downloadable ACLs
The policies take effect after client authentication and the client IP address addition to the IP device tracking table. The
switch then applies the downloadable ACL to the port.
11. end Returns to privileged EXEC mode.
12. show running-config interface
interface-id
Verifies your configuration.
13. copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
Command Purpose
1. configure terminal Enters global configuration mode.
2. ip device tracking Configures the IP device tracking table.
3. aaa new-model Enables AAA.
4. aaa authorization network default group radius Sets the authorization method to local. To remove the
authorization method, use the no aaa authorization network
default group radius command.
5. radius-server vsa send authentication Configures the RADIUS VSA send authentication.
6. interface interface-id Specifies the port to be configured, and enters interface
configuration mode.
7. ip access-group acl-id in Configures the default ACL on the port in the input direction.
Note: The acl-id is an access list name or number.
8. show running-config interface interface-id Verifies your configuration.
9. copy running-config startup-config (Optional) Saves your entries in the configuration file.
To Next Page
Loading...
Need help?
General