Configuring Downloadable Acls - Cisco Catalyst 2960 Software Configuration Manual

Hide thumbs Also See for Catalyst 2960:

Configuration manual (2288 pages)

Command reference manual (800 pages)

Hardware installation manual (108 pages)

Table of Contents

Configuring IEEE 802.1x Port-Based Authentication

Switch(config)# dot1x supplicant force-multicast

Switch(config)# interface gigabitethernet2/0/1

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# switchport mode trunk

Switch(config-if)# dot1x pae supplicant

Switch(config-if)# dot1x credentials test

Switch(config-if)# end

Configuring NEAT with Auto Smartports Macros

You can also use an Auto Smartports user-defined macro instead of the switch VSA to configure the

authenticator switch. For information, see the Auto Smartports Configuration Guide.

Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs

In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more

information, see the

You must configure a downloadable ACL on the ACS before downloading it to the switch.

After authentication on the port, you can use the show ip access-list privileged EXEC command to

display the downloaded ACLs on the port.

Configuring Downloadable ACLs

The policies take effect after client authentication and the client IP address addition to the IP device

tracking table. The switch then applies the downloadable ACL to the port.

Beginning in privileged EXEC mode:

configure terminal

ip device tracking

aaa new-model

aaa authorization network default group

radius-server vsa send authentication

interface interface-id

ip access-group acl-id in

show running-config interface interface-id

copy running-config startup-config

Cisco Secure ACS configuration

Enter global configuration mode.

Configure the ip device tracking table.

Enables AAA.

Sets the authorization method to local. To remove the

authorization method, use the no aaa authorization network

default group radius command.

Configure the radius vsa send authentication.

Specify the port to be configured, and enter interface

configuration mode.

Configure the default ACL on the port in the input direction.

The acl-id is an access list name or number.

Verify your configuration.

(Optional) Save your entries in the configuration file.

Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE

Configuring 802.1x Authentication

Show Quick Links

Chapters

Table of Contents

Troubleshooting

Catalyst 2960-s

Configuring Downloadable Acls - Cisco Catalyst 2960 Software Configuration Manual

Configuring Downloadable ACLs

Hide quick links:

Chapters

Troubleshooting

Related Manuals for Cisco Catalyst 2960

Related Content for Cisco Catalyst 2960

This manual is also suitable for:

Table of Contents