Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

10-66

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Configuring Downloadable ACLs

The policies take effect after client authentication and the client IP address addition to the IP device

tracking table. The switch then applies the downloadable ACL to the port.

Beginning in privileged EXEC mode:

Configuring a Downloadable Policy

Beginning in privileged EXEC mode:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

ip device tracking Configure the ip device tracking table.

Step 3

aaa new-model Enables AAA.

Step 4

aaa authorization network default group

radius

Sets the authorization method to local. To remove the

authorization method, use the no aaa authorization network

default group radius command.

Step 5

radius-server vsa send authentication Configure the radius vsa send authentication.

Step 6

interface interface-id Specify the port to be configured, and enter interface

configuration mode.

Step 7

ip access-group acl-id in Configure the default ACL on the port in the input direction.

Note The acl-id is an access list name or number.

Step 8

show running-config interface interface-id Verify your configuration.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

access-list access-list-number deny

source source-wildcard log

Defines the default port ACL by using a source address and wildcard.

The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.

Enter deny or permit to specify whether to deny or permit access if

conditions are matched.

The source is the source address of the network or host that sends a packet,

such as this:

• The 32-bit quantity in dotted-decimal format.

• The keyword any as an abbreviation for source and source-wildcard

value of 0.0.0.0 255.255.255.255. You do not need to enter a

source-wildcard value.

• The keyword host as an abbreviation for source and source-wildcard

of source 0.0.0.0.

(Optional) Applies the source-wildcard wildcard bits to the source.

(Optional) Enters log to cause an informational logging message about the

packet that matches the entry to be sent to the console.

previous next