Cisco Systems 2960 Model Vehicle User Manual


Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to configure a switch for a downloadable policy:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# aaa new-model
Switch(config)# aaa authorization network default group radius
Switch(config)# ip device tracking
Switch(config)# ip access-list extended default_acl
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# radius-server vsa send authentication
Switch(config)# interface gigabitethernet2/0/1
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group default_acl in
Switch(config-if)# exit
Step 3
Command: interface interface-id
Purpose: Enters interface configuration mode.

Step 4
Command: ip access-group acl-id in
Purpose: Configures the default ACL on the port in the input direction.
Note: The acl-id is an access list name or number.

Step 5
Command: exit
Purpose: Returns to global configuration mode.

Step 6
Command: aaa new-model
Purpose: Enables AAA.

Step 7
Command: aaa authorization network default group radius
Purpose: Sets the authorization method to local. To remove the authorization method, use the no aaa authorization network default group radius command.

Step 8
Command: ip device tracking
Purpose: Enables the IP device tracking table. To disable the IP device tracking table, use the no ip device tracking global configuration command.

Step 9
Command: ip device tracking probe [count | interval | use-svi]
Purpose: (Optional) Configures the IP device tracking table:
- count count: Sets the number of times that the switch sends the ARP probe. The range is from 1 to 5. The default is 3.
- interval interval: Sets the number of seconds that the switch waits for a response before resending the ARP probe. The range is from 30 to 300 seconds. The default is 30 seconds.
- use-svi: Uses the switch virtual interface (SVI) IP address as source of ARP probes.

Step 10
Command: radius-server vsa send authentication
Purpose: Configures the network access server to recognize and use vendor-specific attributes.
Note: The downloadable ACL must be operational.

Step 11
Command: end
Purpose: Returns to privileged EXEC mode.

Step 12
Command: show ip device tracking all
Purpose: Displays information about the entries in the IP device tracking table.

Step 13
Command: copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
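
One way to check a saved running-config against the prerequisites in this procedure, as an added example that is not part of the Cisco guide. The function names, the sample configuration and the GigabitEthernet0/2 port are constructed for illustration, and interface names are assumed to appear in their full running-config form.

```python
import re

# Global commands this page's procedure requires (Steps 6, 7, 8 and 10).
REQUIRED_GLOBAL = ("aaa new-model", "aaa authorization network default group radius",
                   "ip device tracking", "radius-server vsa send authentication")

def parse_config(text):
    """Map each top-level config line to the list of indented sub-lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections[current] = []
    return sections

def audit(text, ports):
    """Return findings for the named interfaces; an empty list means nothing is missing."""
    sections = parse_config(text)
    findings = [f"missing global command: {c}" for c in REQUIRED_GLOBAL if c not in sections]
    for port in ports:
        body = sections.get(f"interface {port}", [])
        acls = [m.group(1) for l in body if (m := re.fullmatch(r"ip access-group (\S+) in", l))]
        if not acls:
            findings.append(f"{port}: no default ACL applied inbound (Step 4)")
        for acl in acls:
            # Assumption: only named extended ACLs are resolved; numbered ACLs are skipped.
            if not acl.isdigit() and f"ip access-list extended {acl}" not in sections:
                findings.append(f"{port}: ACL {acl} is applied but not defined")
    return findings

# Constructed sample: the page's example with 'ip device tracking' left out.
SAMPLE = """\
aaa new-model
aaa authorization network default group radius
!
ip access-list extended default_acl
 permit ip any any
interface GigabitEthernet0/1
 ip access-group default_acl in
interface GigabitEthernet0/2
 switchport mode access
radius-server vsa send authentication
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ["GigabitEthernet0/1", "GigabitEthernet0/2"])))
```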