Cisco Secure Acs And Attribute-Value Pairs For The Redirect Url; Cisco Secure Acs And Attribute-Value Pairs For Downloadable Acls - Cisco Catalyst 2960-XR Security Configuration Manual
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
Configuring IEEE 802.1x Port-Based Authentication
If you use a custom logo with web authentication and it is stored on an external server, the port ACL must
Note
allow access to the external server before authentication. You must either configure a static port ACL or
change the auth-default-ACL to provide appropriate access to the external server.
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
The switch uses these cisco-av-pair VSAs:
• url-redirect is the HTTP or HTTPS URL.
• url-redirect-acl is the switch ACL name or number.
The switch uses the CiscoSecure-defined-ACL attribute value pair to intercept an HTTP or HTTPS request
from the end point. The switch then forwards the client web browser to the specified redirect address. The
url-redirect AV pair on the Cisco Secure ACS contains the URL to which the web browser is redirected. The
url-redirect-acl attribute value pair contains the name or number of an ACL that specifies the HTTP or HTTPS
traffic to redirect.
Note
• Traffic that matches a permit ACE in the ACL is redirected.
• Define the URL redirect ACL and the default port ACL on the switch.
If a redirect URL is configured for a client on the authentication server, a default port ACL on the connected
client switch port must also be configured
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs
You can set the CiscoSecure-Defined-ACL Attribute-Value (AV) pair on the Cisco Secure ACS with the
RADIUS cisco-av-pair vendor-specific attributes (VSAs). This pair specifies the names of the downloadable
ACLs on the Cisco Secure ACS with the #ACL#-IP-name-number attribute.
• The name is the ACL name.
• The number is the version number (for example, 3f783768).
If a downloadable ACL is configured for a client on the authentication server, a default port ACL on the
connected client switch port must also be configured.
If the default ACL is configured on the switch and the Cisco Secure ACS sends a host-access-policy to the
switch, it applies the policy to traffic from the host connected to a switch port. If the policy does not apply,
the switch applies the default ACL. If the Cisco Secure ACS sends the switch a downloadable ACL, this ACL
takes precedence over the default ACL that is configured on the switch port. However, if the switch receives
an host access policy from the Cisco Secure ACS but the default ACL is not configured, the authorization
failure is declared.
OL-29434-01
802.1x Authentication with Downloadable ACLs and Redirect URLs
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
231
Advertisement
Table of Contents
