
Cisco WS-C6506 - Configuring a Downloaded ACL for dot1x

Cisco WS-C6506
1488 pages
15-117
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Downloadable ACLs
Configuring a Downloaded ACL for dot1x
To configure a downloaded ACL for dot1x without an IP phone, perform these steps:
Step 1 Create a base ACL with an include dot1x keyword.
Console> (enable) set security acl ip dacl1x permit arp-inspection any any
dacl1x editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) set security acl ip dacl1x permit dhcp-snooping
Successfully configured DHCP Snooping for ACL dacl1x. Use 'commit' command to save changes.
Console> (enable) set security acl ip dacl1x include downloaded-acl dot1x
Successfully configured placeholder download ACL dacl1x. Use 'commit' command to save changes.
Console> (enable) commit security acl all
Commit operation in progress.
Step 2 Set the security-acl mode on the port used for authentication to port-based mode.
Console> (enable) set port security-acl 5/35 port-based
Warning: Vlan-based ACL features will be disabled on ports 5/35
ACL interface is set to port-based mode for port(s) 5/35.
Step 3 Map the base ACL (with the include keyword) to that port.
Console> (enable) set security acl map dacl1x 5/35
Mapping in progress.
ACL dacl1x successfully mapped to port(s) 5/35
Step 4 Enable dot1x globally and on that port.
Console> (enable) set dot1x system-auth-control enable
Dot1x is globally enabled.
Configured RADIUS servers will be used for dot1x authentication.
Console> (enable) set port dot1x 5/35 port-control auto
Port 5/35 dot1x port-control is set to auto.
Trunking disabled for port 5/35 due to Dot1x feature.
Spantree port fast start option enabled for port 5/35.
Step 5 Display the port security settings for the configured port.
Console> (enable) show port security-acl 5/35
Port  Interface Type Interface Type Interface Merge Status
      config         runtime        runtime
----- -------------- -------------- ----------------------
5/35  port-based     port-based     not applicable
Config:
Port  ACL name                         Type
----- -------------------------------- ----
5/35  dacl1x                           IP
Runtime:
Port  ACL name                         Type
----- -------------------------------- ----
5/35  dacl1x                           IP
dhcp-snooping:
Port  Trust       Source-Guard Source-Guarded IP Addresses
----- ----------- ------------ ---------------------------
5/35  untrusted   disabled
Port  Binding Limit No. of Existing Bindings
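
The following Python check is an added example, not part of the Cisco guide: it reads a captured console transcript and reports which parts of Steps 1 through 4 are missing for a port, including ACL edits still sitting uncommitted in the edit buffer. The name audit_port and the sample transcript are constructed for illustration, and the check assumes single-port arguments such as 5/35.

```python
import re

PROMPT = re.compile(r"^Console> \(enable\) (.+)$")

# Constructed sample: the commands from the steps above, as typed at the prompt.
SAMPLE = """\
Console> (enable) set security acl ip dacl1x permit arp-inspection any any
Console> (enable) set security acl ip dacl1x include downloaded-acl dot1x
Console> (enable) commit security acl all
Console> (enable) set port security-acl 5/35 port-based
Console> (enable) set security acl map dacl1x 5/35
Console> (enable) set dot1x system-auth-control enable
Console> (enable) set port dot1x 5/35 port-control auto
"""

def audit_port(transcript, port):
    """Return the steps of the procedure that are missing for `port` (hypothetical helper)."""
    placeholder, dirty, committed = set(), set(), set()
    seen, mapped = set(), None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue                       # switch output, not a typed command
        t = m.group(1).split()
        if t[:4] == ["set", "security", "acl", "ip"] and len(t) > 5:
            dirty.add(t[4])                # ACL edit buffer modified
            if t[5:] == ["include", "downloaded-acl", "dot1x"]:
                placeholder.add(t[4])
        elif t == ["commit", "security", "acl", "all"]:
            committed |= dirty
            dirty.clear()
        elif t[:4] == ["set", "security", "acl", "map"] and t[5:] == [port]:
            mapped = t[4]
        else:
            seen.add(" ".join(t))          # remaining commands matched verbatim
    checks = [
        (f"set port security-acl {port} port-based" in seen, "port not in port-based mode"),
        (mapped is not None, "no ACL mapped to port"),
        (mapped is None or mapped in placeholder, "mapped ACL lacks the dot1x placeholder"),
        (mapped is None or (mapped in committed and mapped not in dirty), "ACL edits not committed"),
        ("set dot1x system-auth-control enable" in seen, "dot1x not enabled globally"),
        (f"set port dot1x {port} port-control auto" in seen, "port-control is not auto"),
    ]
    return [msg for ok, msg in checks if not ok]
```

The check only confirms that each command appears in the transcript; the show port security-acl output in Step 5 remains the authoritative view of what the switch applied.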
