Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more
information, see the Configuration Guide for Cisco Secure ACS 4.2:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/acs_config.pdf
Note
You must configure a downloadable ACL on the ACS before downloading it to the switch.
After authentication on the port, you can use the show ip access-list privileged EXEC command to display
the downloaded ACLs on the port.
Configuring Downloadable ACLs
The policies take effect after client authentication and the client IP address addition to the IP device tracking
table. The switch then applies the downloadable ACL to the port.
Beginning in privileged EXEC mode:
SUMMARY STEPS
1. configure terminal
2. ip device tracking
3. aaa new-model
4. aaa authorization network default local group radius
5. radius-server vsa send authentication
6. interface interface-id
7. ip access-group acl-id in
8. show running-config interface interface-id
9. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2
ip device tracking
Example:
Switch(config)# ip device tracking
OL-29434-01
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Purpose
Enters global configuration mode.
Sets the ip device tracking table.
289