Cisco WS-C6506 - Configuring a Downloaded ACL for Dot1 X for an IP Phone

1488 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

15-119

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7

OL-8978-04

Chapter 15 Configuring Access Control

Downloadable ACLs

7. deny ip host 9.6.6.104 67.104.129.189 255.255.0.0

8. include downloaded-acl dot1x

• Displays the dot1x user all O/P:

Console> (enable) show dot1x user all

Username Mod/Port UserIP VLAN

---------------------- -------- ------ ------

host 5/35 9.6.6.104 16

Downloaded ACL

---------------------------------------------------------

ACSACL#-IP-test-44bb6f49

Derived ACL

--------------------------------

dacl1x_5_35

• Checks the DACL name:

Console> (enable) show security acl downloaded-acl all

Downloaded ACL Summary:

ACL Name Date/Time

-----------------------------------------------------------------------

1.#ACSACL#-IP-test-44bb6f49 Fri Jul 21 2006, 05:05:58

Displays the user-mapped IP, port, and the feature:

Console> (enable) show security acl downloaded-acl user-map

Downloaded ACL User Map:

ACL Name : #ACSACL#-IP-test-44bb6f49

User Count : 1

Num of Aces : 5

Ip Address mNo/pNo Feature

------------------------------------------------------------

1. 9.6.6.104 5/35 dot1x

• Displays the DACL information specific to the port:

Console> (enable) show security acl downloaded-acl port 5/35

Port IP Address Feature Downloaded ACL

----- ---------------- ---------- -------------------------------------

5/35 9.6.6.104 dot1x #ACSACL#-IP-test-44bb6f49

• Displays the ACEs that were downloaded from the RADIUS server:

Console (enable) show security acl downloaded-acl #ACSACL#-IP-test-44bb6f49

Downloaded ACE's for #ACSACL#-IP-test-44bb6f49:

permit ip any 10.76.255.85 255.255.255.0

deny ip any 64.104.129.189 255.255.0.0

permit tcp any eq 21 host 10.76.255.25

deny ip any 6.104.129.189 255.255.0.0

deny ip any 67.104.129.189 255.255.0.0

Configuring a Downloaded ACL for Dot1x for an IP Phone

To configure a downloaded ACL for dot1x with an IP phone, perform these steps:

Step 1 Grant permission for the IP phone by configuring the base-ACL.

Console> (enable) set security acl ip dacl1x permit arp-inspection any any

Table of Contents

Related product manuals

Preview: Cisco WS-C6509

Preview: Cisco WS-C2950-24

Cisco WS-C2950-24

Preview: Cisco WS-C2950-12

Cisco WS-C2950-12

Cisco WS-C2940-8TT-S

Preview: Cisco WS-C3750-48PS-S

Cisco WS-C3750-48PS-S

Cisco WS-C2948G-GE-TX

Preview: Cisco WS-C3560-48PS-S

Cisco WS-C3560-48PS-S

Preview: Cisco WS-C2960L-8TS-LL

Cisco WS-C2960L-8TS-LL

Preview: Cisco WS-C3560E-24PD-E

Cisco WS-C3560E-24PD-E

Cisco WS-C3750G-48PS-S

Preview: Cisco WS-C2960L-24TS-LL

Cisco WS-C2960L-24TS-LL

Preview: Cisco Catalyst WS-C3850-24T-L

Cisco Catalyst WS-C3850-24T-L