Provision In Low Impact Mode - Cisco Catalyst 3850 Manual

Securing Access Using 802.1x on a wired LAN
Provision in Low-Impact Mode
The next deployment phase in securing your network is to provision in low-impact mode, which allows
differentiated network access to authenticated users while permitting basic network services for all
users.
Note
For information about configuration of multiple-authentication mode on IEEE 802.1x ports, see
"Provision Common Wired Security Access".
Minimize the impact to your initial network access settings and add differentiated network access to
authenticated users with low-impact mode provisioning. In low-impact mode, authentication is open and
network access is contained using less restrictive port ACLs. After authentication, dACLs are used to
allow full network access to end devices.
Step 10
Configure multi-domain mode to prevent unauthorized users from accessing an interface after an
authorized user has been authenticated.
authentication host-mode multi-domain
Step 11
Add a static ACL to allow basic network access.
Configure a restrictive port ACL that allows access for configuration and a Configured Trust List (CTL).
Begin in global configuration mode.
ip access-list extended LowImpactSecurity-acl
permit tcp any any established
permit udp any any eq bootps
permit udp any any eq tftp
permit udp any any eq domain
exit
interface GigabitEthernet1/0/1
ip access-group LowImpactSecurity-acl in
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
Access Control on the Wired Network
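An added example (not from the Cisco guide) that parses the four entries of the pre-authentication port ACL in Step 11 and evaluates constructed packets against them, showing what an endpoint can send before a dACL is applied. The function names and sample packets are assumptions made for illustration, and only the ACE forms used on this page are parsed.

```python
# Added example: models the Step 11 port ACL; packets below are constructed samples.
PORTS = {"bootps": 67, "tftp": 69, "domain": 53}  # IOS port keywords used in the ACL

ACL_TEXT = """\
permit tcp any any established
permit udp any any eq bootps
permit udp any any eq tftp
permit udp any any eq domain
"""

def parse_acl(text):
    """Parse 'action proto any any [established | eq port]' entries only."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) < 4 or tok[2:4] != ["any", "any"]:
            raise ValueError(f"unsupported ACE: {line!r}")
        rule = {"action": tok[0], "proto": tok[1], "established": False, "dport": None}
        rest = tok[4:]
        if rest == ["established"]:
            rule["established"] = True
        elif len(rest) == 2 and rest[0] == "eq":
            rule["dport"] = PORTS.get(rest[1]) or int(rest[1])
        elif rest:
            raise ValueError(f"unsupported ACE: {line!r}")
        rules.append(rule)
    return rules

def evaluate(rules, proto, dport=None, flags=frozenset()):
    """First match wins; no match is the implicit deny that ends every IOS ACL."""
    for r in rules:
        if (r["proto"] == proto
                # 'established' is a stateless match on the ACK or RST flag
                and (not r["established"] or flags & {"ACK", "RST"})
                and r["dport"] in (None, dport)):
            return r["action"]
    return "deny"

RULES = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    samples = [("DHCP request", "udp", 67, frozenset()),
               ("DNS query", "udp", 53, frozenset()),
               ("TCP SYN to 445", "tcp", 445, frozenset({"SYN"})),
               ("TCP ACK to 445", "tcp", 445, frozenset({"ACK"})),
               ("ICMP echo", "icmp", None, frozenset())]
    for name, proto, dport, flags in samples:
        print(f"{name:16} -> {evaluate(RULES, proto, dport, flags)}")
```

When reviewing a low-impact deployment, note that the `established` entry matches on TCP flags alone, so it does not track whether the switch ever saw the connection being opened.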

This manual is also suitable for:

Catalyst 3650
