61-5
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
Step 3 In the Virtual Template field, enter the name of the interface or interface role that serves as the untrusted,
virtual interface for carrying unauthenticated traffic, or click Select to select an interface role from a list
or to create a new role. For more information, see Specifying Interfaces During Policy Definition,
page 6-70.
Note Integrated Services Routers (ISRs), such as the Cisco 800, 1800, 1900, 2800, 2900, 3800, and
3900 Series, automatically use VLANs to carry unauthenticated traffic. If you define a virtual
template, however, it is used in place of the VLAN.
Note Deployment might fail if PPP is defined on the virtual template defined here. See Defining PPP
Connections, page 59-71.
Step 4 Enter the name of the interface or interface role that serves as the trusted, physical interface for carrying
authenticated traffic, or click Select to select a role from a list.
The interface role you select should represent the internal protected interface that was configured as part
of the VPN topology and no other physical interface on the selected router. For more information, see
Defining the Endpoints and Protected Networks, page 24-33.
Step 5 (Optional) Modify the defaults of the physical interface used for 802.1x authentication. See Table 61-1
on page 61-6 for details.
802.1x Policy Page
Use the 802.1x policy page to create policies that limit VPN access to authorized users. Authenticated
traffic is allowed to pass through a designated physical interface on the router. Unauthenticated traffic is
allowed to pass through a virtual interface to the Internet but is not allowed to access the VPN.
For more information, see Defining 802.1x Policies, page 61-4.
Note 802.1x policies require DHCP address pools in order to assign IP addresses to clients. You define these
pools by defining a DHCP policy on the same router. See DHCP Policy Page, page 60-92.
Navigation Path
(Device view) Select Platform > Identity > 802.1x from the Policy selector.
(Policy view) Select Router Platform > Identity > 802.1x from the Policy Type selector.
Right-click 802.1x to create a policy, or select an existing policy from the Shared Policy selector.
Related Topics
802.1x on Cisco IOS Routers, page 61-1
Understanding AAA Server and Server Group Objects, page 6-24
Basic Interface Settings on Cisco IOS Routers, page 59-1
Understanding Interface Role Objects, page 6-67