Cisco Catalyst 2960-X Security Configuration Manual page 372

Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2 access-list access-list-number { deny | permit
} { hostname | any | host } log
Example:
Switch(config)# access-list 1 deny any
log
Step 3 interface interface-id
Example:
Switch(config)# interface
gigabitethernet2/0/2
Step 4 ip access-group acl-id in
Example:
Switch(config-if)# ip access-group
default_acl in
Step 5 exit
Example:
Switch(config-if)# exit
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
348
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Enters the global configuration mode.
Defines the default port ACL.
The access-list-number is a decimal number from 1 to 99 or 1300 to
1999.
Enter deny or permit to specify whether to deny or permit access if
conditions are matched.
The source is the source address of the network or host that sends a
packet, such as this:
• hostname: The 32-bit quantity in dotted-decimal format.
• any: The keyword any as an abbreviation for source and
source-wildcard value of 0.0.0.0 255.255.255.255. You do not
need to enter a source-wildcard value.
• host: The keyword host as an abbreviation for source and
source-wildcard of source 0.0.0.0.
(Optional) Applies the source-wildcard wildcard bits to the source.
(Optional) Enters log to cause an informational logging message about
the packet that matches the entry to be sent to the console.
Enters interface configuration mode.
Configures the default ACL on the port in the input direction.
The acl-id is an access list name or
Note
number.
Returns to global configuration mode.
OL-29048-01