Cisco Systems IE 2000 Manual

A SERVICE OF

next previous

13-49

Cisco IE 2000 Switch Software Configuration Guide

OL-25866-01

Chapter 13 Configuring IEEE 802.1x Port-Based Authentication

How to Configure IEEE 802.1x Port-Based Authentication

Configuring a Downloadable Policy

Step 6

interface interface-id Specifies the port to be configured, and enters interface

configuration mode.

Step 7

ip access-group acl-id in Configures the default ACL on the port in the input direction.

Note The acl-id is an access list name or number.

Step 8

show running-config interface interface-id Verifies your configuration.

Step 9

copy running-config startup-config (Optional) Saves your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enters global configuration mode.

Step 2

access-list access-list-number deny

source [source-wildcard log]

Defines the default port ACL by using a source address and wildcard.

The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.

deny or permit—Specifies whether to deny or permit access if conditions

are matched.

source—Specifies the source address of the network or host that sends a

packet:

• The 32-bit quantity in dotted-decimal format.

• The keyword any as an abbreviation for source and source-wildcard

value of 0.0.0.0 255.255.255.255. You do not need to enter a

source-wildcard value.

• The keyword host as an abbreviation for source and source-wildcard

of source 0.0.0.0.

(Optional) source-wildcard—Applies the wildcard bits to the source.

(Optional) log—Creates an informational logging message about the

packet that matches the entry to be sent to the console.

Step 3

interface interface-id Enters interface configuration mode.

Step 4

ip access-group acl-id in Configures the default ACL on the port in the input direction.

Note The acl-id is an access list name or number.

Step 5

exit Returns to global configuration mode.

Step 6

aaa new-model Enables AAA.

Step 7

aaa authorization network default

group radius

Sets the authorization method to local. To remove the authorization

method, use the no aaa authorization network default group radius

command.

Step 8

ip device tracking Enables the IP device tracking table.

To disable the IP device tracking table, use the no ip device tracking

global configuration commands.

Command Purpose