Configuring A Downloadable Policy - Cisco Catalyst 4500 series Administration Manual

Configuring 802.1X Port-Based Authentication

Configuring a Downloadable Policy

To configure downloadable policies, perform this task:
Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# access-list access-list-number {deny | permit} source [source-wildcard] [log]
Purpose: Defines the default port ACL through a source address and wildcard.
The access-list-number is a decimal from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if conditions match.
source is the address of the network or host from which the packet is sent, specified as follows:
- The 32-bit quantity in dotted-decimal format
- The keyword any as an abbreviation for source and source-wildcard value of 0.0.0.0 255.255.255.255. You do not need a source-wildcard value.
- The keyword host as an abbreviation for source and source-wildcard of source 0.0.0.0.
(Optional) Applies the source-wildcard wildcard bits to the source.
(Optional) Enters log to cause an informational logging message about the packet that matches the entry to be sent to the console.

Step 3
Command: Switch(config)# interface interface-id
Purpose: Enters interface configuration mode.

Step 4
Command: Switch(config-if)# ip access-group {access-list-number | name} in
Purpose: Controls access to the specified interface.
This step is mandatory for a functioning downloaded policy.

Step 5
Command: Switch(config-if)# exit
Purpose: Returns to global configuration mode.

Step 6
Command: Switch(config)# aaa new-model
Purpose: Enables AAA.

Step 7
Command: Switch(config)# aaa authorization network default local
Purpose: Sets the authorization method to local. To remove the authorization method, use the no aaa authorization network default local command.

Step 8
Command: Switch(config)# ip device tracking
Purpose: Enables the IP device tracking table.
To disable the IP device tracking table, use the no ip device tracking global configuration command.

Step 9
Command: Switch(config)# ip device tracking [probe {count count | interval interval}]
Purpose: (Optional) Configures these parameters for the IP device tracking table:
- count—Number of times that the switch sends the ARP probe. The range is 1 to 5. The default is 3.
- interval—Number of seconds that the switch waits for a response before resending the ARP probe. The range is 30 to 300 seconds. The default is 30 seconds.

Step 10
Command: Switch(config)# ip device tracking [probe {delay interval}]
Purpose: (Optional) Configures the optional probe delay parameter for the IP device tracking table:
- interval—Number of seconds that the switch delays sending an ARP probe, triggered by link-up and ARP probe generation by the tracked device. The range is 1 to 120 seconds. The default is 0 seconds.

Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E, Chapter 46
OL_28731-01
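
The following Python check is an added example, not part of the Cisco guide. It audits a saved running-config for the prerequisites in Steps 2 through 10: the AAA commands, IP device tracking, the probe ranges, and the mandatory inbound port ACL. The sample configuration, ACL number, interface names, and the audit function are constructed for illustration.

```python
import re

# Constructed sample running-config; ACL number and interface names are assumptions.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization network default local
ip device tracking
ip device tracking probe count 3
ip device tracking probe interval 20
access-list 10 deny any log
interface GigabitEthernet2/1
 ip access-group 10 in
interface GigabitEthernet2/2
 switchport mode access
"""

# Global commands from Steps 6-8, and the probe ranges stated in Steps 9-10.
REQUIRED_GLOBALS = ("aaa new-model", "aaa authorization network default local",
                    "ip device tracking")
PROBE_RANGES = {"count": (1, 5), "interval": (30, 300), "delay": (1, 120)}

def audit(config, ports):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    stripped = {ln.strip() for ln in lines}
    findings = [f"missing global command: {cmd}"
                for cmd in REQUIRED_GLOBALS if cmd not in stripped]
    for ln in lines:
        m = re.fullmatch(r"ip device tracking probe (count|interval|delay) (\d+)", ln.strip())
        if m:
            lo, hi = PROBE_RANGES[m.group(1)]
            if not lo <= int(m.group(2)) <= hi:
                findings.append(f"probe {m.group(1)} {m.group(2)} outside {lo}-{hi}")
    # Record the inbound ACL applied to each interface (Step 4).
    acl_on, current = {}, None
    for ln in lines:
        if not ln.startswith(" "):  # an unindented line starts or ends an interface stanza
            current = ln.split(None, 1)[1] if ln.startswith("interface ") else None
        elif current and (m := re.fullmatch(r"ip access-group (\S+) in", ln.strip())):
            acl_on[current] = m.group(1)
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"access-list (\d+) (deny|permit) ", ln))}
    for port in ports:
        acl = acl_on.get(port)
        if acl is None:
            findings.append(f"{port}: no inbound ip access-group (Step 4)")
        elif acl.isdigit() and acl not in defined:
            findings.append(f"{port}: access-list {acl} is not defined (Step 2)")
    return findings
```

Call audit() with the configuration text and the list of ports that are expected to receive downloaded policies. Named ACLs are accepted without checking their definition.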
