Cisco Catalyst 4500 series Administration Manual page 1182

Configuring 802.1X Port-Based Authentication
Configuring ACS
To configure two Cisco-AV pairs, add the following statements under the user or group Cisco IOS/PIX
6x RADIUS attributes:
url-redirect-acl=urlacl
url-redirect=http://www.cisco.com
Note
Configuring the Switch
To configure the switch for URL redirect, follow these steps:
Configure the IP device tracking table.
Step 1
Switch(config)# ip device tracking
Step 2 Configure RADIUS by using the send authentication command.
Switch(config)# radius-server vsa send authentication
Step 3 Configure the URL redirect ACL (URLACL).
Switch# ip access-list urlacl
Switch#
Step 4 Configure static ACL (PACL) for the interface.
Switch(config)# int g2/9
Switch(config-if)# ip access-group pacl-4 in
Interface Configuration Example
Switch# show running-configuration int g2/9
Building configuration...
Current configuration : 617 bytes
!
interface GigabitEthernet2/9
switchport
switchport access vlan 29
switchport mode access
switchport voice vlan 1234
access-group mode prefer port
ip access-group pacl-4 in
speed 100
duplex full
authentication event fail action authorize vlan 111
authentication event server dead action authorize vlan 333
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x
authentication port-control auto
authentication timer restart 100
authentication timer reauthenticate 20
authentication timer inactivity 200
mab
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
46-44
A default port ACL must be configured on the interface.
10 permit tcp any any
Chapter 46 Configuring 802.1X Port-Based Authentication
OL_28731-01