EasyManuals Logo

Cisco WS-C6506 User Manual

Cisco WS-C6506
1488 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1024 background imageLoading...
Page #1024 background image
40-30
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 40 Configuring 802.1X Authentication
Configuring 802.1X Authentication on the Switch
After you define a QoS policy on the switch, you should map the policy to a VLAN or port (using
the set qos acl map command) and verify that the policy mapping succeeds. After verification, clear
the ACL mapping and configure 802.1X on the interface.
Note Be careful when you name the QoS ACL. The QoS ACL name must match the policy name specified on
the RADIUS server.
802.1X with QoS ACLs Configuration Example
In the following example, QoS is enabled and an 802.1X QoS policy (Dot1xDscp5Policy) is created. The
policy is then committed. The same policy name (Dot1xDscp5Policy) is then configured on the RADIUS
server. After a period of time, you can see that the policy is applied to port 3/1 after 802.1X has
authenticated a client and applied the policy. You can see that the policy mapping is not found in the
configuration (config) display of the mapping command: it is found only in the run-time configuration.
The AV-pairs at the RADIUS server require the following input—qos:inpacl=Dot1xDscp5Policy. After
supplicant authentication on port 3/1, the QoS run-time mapping to port 3/1 occurs.
The other options for the AV-pairs are as follows—qos:invacl=<policy-name> and
qos:outpacl=<policy-name>.
If the policy name in the AV-pairs does not match a policy name in the switch, the supplicant is not
authenticated.
Console> (enable) set qos enable
QoS is enabled.
Console> (enable) set qos acl ip Dot1xDscp5Policy dscp 5 any
Dot1xDscp5Policy editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) commit qos acl all
QoS ACL 'Dot1xDscp5Policy' successfully committed.
Console> (enable) show qos acl map config Dot1xDscp5Policy
QoS ACL mappings on input side:
ACL name Type Vlans
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP
ACL name Type Ports
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP
QoS ACL mappings on output side:
ACL name Type Vlans
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP
Console> (enable)
<<< Dot1x Authenticates a client on 3/1 and applies Dot1xDscp5Policy >>>
Console> (enable) show qos acl map runtime Dot1xDscp5Policy
QoS ACL mappings on input side:
ACL name Type Vlans
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP
ACL name Type Ports
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP 3/1
QoS ACL mappings on output side:
ACL name Type Vlans
-------------------------------- ---- ---------------------------------
Dot1xDscp5Policy IP
Console> (enable) show qos acl map config Dot1xDscp5Policy

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco WS-C6506 and is the answer not in the manual?

Cisco WS-C6506 Specifications

General IconGeneral
BrandCisco
ModelWS-C6506
CategorySwitch
LanguageEnglish

Related product manuals