Configuring Radius-Provided Session Timeouts - Cisco Catalyst 4500 Series Software Configuration Manual

Cisco IOS XE Release 3.9.xE and Cisco IOS Release 15.2(5)Ex

Chapter 49
Configuring 802.1X Port-Based Authentication
Command and Purpose, by step:

Step 4
Command: Switch(config-if)# ip access-group {access-list-number | name} in
Purpose: Controls access to the specified interface. This step is mandatory for a functioning downloaded policy.

Step 5
Command: Switch(config)# exit
Purpose: Returns to global configuration mode.

Step 6
Command: Switch(config)# aaa new-model
Purpose: Enables AAA.

Step 7
Command: Switch(config)# aaa authorization network default local
Purpose: Sets the authorization method to local. To remove the authorization method, use the no aaa authorization network default local command.

Step 8
Command: Switch(config)# ip device tracking
Purpose: Enables the IP device tracking table. To disable the IP device tracking table, use the no ip device tracking global configuration commands.

Step 9
Command: Switch(config)# ip device tracking [probe {count count | interval interval}]
Purpose: (Optional) Configures these parameters for the IP device tracking table:
  count—Number of times that the switch sends the ARP probe. The range is 1 to 5. The default is 3.
  interval—Number of seconds that the switch waits for a response before resending the ARP probe. The range is 30 to 300 seconds. The default is 30 seconds.

Step 10
Command: Switch(config)# ip device tracking [probe {delay interval}]
Purpose: (Optional) Configures the optional probe delay parameter for the IP device tracking table:
  interval—Number of seconds that the switch delays sending an ARP probe, triggered by link-up and ARP probe generation by the tracked device. The range is 1 to 120 seconds. The default is 0 seconds.

Step 11
Command: Switch(config)# end
Purpose: Returns to privileged EXEC mode.

Step 12
Command: Switch# show ip device tracking {all | interface interface-id | ip ip-address | mac mac-address}
Purpose: Displays information about the entries in the IP device tracking table.

Step 13
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

The following example illustrates how to configure a switch for downloadable policy:
Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# aaa new-model
Switch(config)# aaa authorization network default local
Switch(config)# ip device tracking
Switch(config)# ip access-list extended default_acl
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# int fastEthernet 2/13
Switch(config-if)# ip access-group default_acl in
Switch(config-if)# exit

Configuring RADIUS-Provided Session Timeouts

You can configure the Catalyst 4500 series switch to use a RADIUS-provided reauthentication timeout.
To configure RADIUS-provided timeouts, perform this task:

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
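
Added example, not from the Cisco guide: a Python check that a saved running-config contains the downloadable-policy prerequisites from Steps 4 through 8 above (an inbound default ACL on each 802.1X port, aaa new-model, aaa authorization network default local, and ip device tracking). The sample config is constructed, the function names are hypothetical, and treating ports configured with "port-control auto" as the 802.1X ports is an assumption.

```python
import re

# Constructed sample running-config (not from the Cisco guide); Fa2/14 lacks the inbound ACL.
SAMPLE_CONFIG = """\
aaa new-model
aaa authorization network default local
ip device tracking
ip access-list extended default_acl
 permit ip any any
interface FastEthernet2/13
 authentication port-control auto
 ip access-group default_acl in
interface FastEthernet2/14
 authentication port-control auto
"""

GLOBAL_PREREQS = ("aaa new-model", "aaa authorization network default local",
                  "ip device tracking")

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line: opens or closes a block
            current = line[10:].strip() if line.startswith("interface ") else None
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(line.strip())
    return blocks

def audit(config):
    """Return findings for missing downloadable-policy prerequisites."""
    top = {ln.strip() for ln in config.splitlines() if ln[:1] not in ("", " ")}
    findings = [f"global: missing '{c}'" for c in GLOBAL_PREREQS if c not in top]
    # Named ACLs ('ip access-list extended NAME') and numbered ACLs ('access-list N ...').
    acls = set(re.findall(r"^(?:ip access-list \w+|access-list) (\S+)", config, re.M))
    for name, cmds in parse_interfaces(config).items():
        if not any(c.endswith("port-control auto") for c in cmds):
            continue  # assumption: only 'port-control auto' ports are 802.1X ports
        inbound = [m.group(1) for c in cmds
                   if (m := re.fullmatch(r"ip access-group (\S+) in", c))]
        if not inbound:
            findings.append(f"{name}: no inbound ip access-group (Step 4)")
        elif inbound[0] not in acls:
            findings.append(f"{name}: ACL '{inbound[0]}' is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "all prerequisites present")
```

Run against the constructed sample, the check reports FastEthernet2/14 because it has no inbound default ACL, which Step 4 marks as mandatory for a functioning downloaded policy.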