Cisco Catalyst 4500 Series Software Configuration Manual page 1331

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 49
Configuring 802.1X Port-Based Authentication
      Session timeout:  N/A
    Common Session ID:  0D0202010000003D04147B45
      Acct Session ID:  0x0000004A
               Handle:  0x7900002A
       Current Policy:  POLICY_Gi2/9
Local Policies:
    arp-probe-timeout:  yes
Server Policies:
         Per-User ACL:  GigabitEthernet1/0/23#v4#7C1C4AC
                     :  permit ip any host 1.1.1.20
Method status list:
       Method           State
       mab              Authc Success

The following command displays the contents of the per-user ACL (note that the per-user ACL is shown above as the default port ACL configured on the interface; 151 is the default port ACL in this example):

Switch# show access-list
151
    deny ip host 20.20.0.3 host 20.20.10.10
    10 permit ip any any (57 estimate matches)
..
..
..(check for the mac access-list created)..
..
Extended MAC access list PerUser_MAC_ACL-589079192 (per-user)
    deny   any host 0000.aaaa.aaaa
..

The following command shows that the Policy Enforced Module (EPM) session contains the Filter-Id 155 from ACS:

Note: The 156 IP extended ACL must be preconfigured on the switch so that policy enforcement can happen.

Switch# show ip access-list 156
Extended IP access list 156
    10 deny ip any host 155.155.155.156
    20 deny ip any 156.100.60.0 0.0.0.255
    30 deny tcp any host 156.100.10.116 eq www

The following command shows authentication sessions that contain the Filter-Id TEST-ACL. TEST-ACL has been defined locally:

Switch-2033# show authentication sessions interface Gi2/9 details
            Interface:  GigabitEthernet2/9
          MAC Address:  2c54.2d6a.0344
         IPv6 Address:  Unknown
         IPv4 Address:  7.7.7.19
            User-Name:  2C-54-2D-6A-03-44
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
      Session timeout:  N/A
    Common Session ID:  0A4046D50000009C0310AB47
      Acct Session ID:  0x000000E7
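
As an added example (not from the Cisco guide), the following Python script checks the condition stated in the note above: every Filter-Id a session reports must name an ACL that is already configured on the switch. Both sample outputs are constructed, the `Filter-ID:` line format under Server Policies is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample: fields follow the session output on this page; the
# "Filter-ID:" line under Server Policies is an assumed format.
SESSION = """\
            Interface:  GigabitEthernet2/9
               Status:  Authorized
Server Policies:
            Filter-ID:  TEST-ACL
         Per-User ACL:  GigabitEthernet1/0/23#v4#7C1C4AC
                     :  permit ip any host 1.1.1.20
Method status list:
       Method           State
       mab              Authc Success
"""

# Constructed `show access-list` output in which TEST-ACL is NOT defined.
ACLS = """\
Extended IP access list 156
    10 deny ip any host 155.155.155.156
Extended MAC access list PerUser_MAC_ACL-589079192 (per-user)
    deny   any host 0000.aaaa.aaaa
"""

def parse_session(text):
    """Return {label: [values]}; a bare ':' line continues the previous label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]*?)\s*:\s*(.*)$", line)
        if not m:
            continue  # e.g. the Method/State table rows
        last = m.group(1) or last
        value = m.group(2).strip()
        if last and value:
            fields.setdefault(last, []).append(value)
    return fields

def defined_acls(text):
    """Names of the ACLs listed in `show access-list` output."""
    return set(re.findall(r"^(?:Standard|Extended) (?:IP|MAC) access list (\S+)", text, re.M))

def missing_filter_acls(session_text, acl_text):
    """Filter-Id ACLs named by the server but absent from the switch."""
    present = defined_acls(acl_text)
    return [n for n in parse_session(session_text).get("Filter-ID", []) if n not in present]

if __name__ == "__main__":
    for name in missing_filter_acls(SESSION, ACLS):
        print(f"Filter-Id ACL {name!r} is not defined on the switch")
```

In the constructed data TEST-ACL is deliberately left out of the ACL listing, so the script reports it; with a locally defined TEST-ACL, as in the guide's example, the list comes back empty.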
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex