Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
| Step | Command | Purpose |
|---|---|---|
| Step 3 | dot1x credentials profile | Creates 802.1x credentials profile. This must be attached to the port that is configured as supplicant. |
| Step 4 | username suppswitch | Creates a username. |
| Step 5 | password password | Creates a password for the new username. |
| Step 6 | dot1x supplicant force-multicast | Forces the switch to send only multicast EAPOL packets when it receives either unicast or multicast packets. This also allows NEAT to work on the supplicant switch in all host modes. |
| Step 7 | interface interface-id | Specifies the port to be configured, and enters interface configuration mode. |
| Step 8 | switchport trunk encapsulation dot1q | Sets the port to trunk mode. |
| Step 9 | switchport mode trunk | Configures the interface as a VLAN trunk port. |
| Step 10 | dot1x pae supplicant | Configures the interface as a port access entity (PAE) supplicant. |
| Step 11 | dot1x credentials profile-name | Attaches the 802.1x credentials profile to the interface. |
| Step 12 | end | Returns to privileged EXEC mode. |
| Step 13 | show running-config interface interface-id | Verifies your configuration. |
| Step 14 | copy running-config startup-config | (Optional) Saves your entries in the configuration file. |

Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs

In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more information, see the Cisco Secure ACS configuration guides.

Note: You must configure a downloadable ACL on the ACS before downloading it to the switch.

Configuring Downloadable ACLs

The policies take effect after the client is authenticated and the client IP address is added to the IP device tracking table. The switch then applies the downloadable ACL to the port.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enters global configuration mode. |
| Step 2 | ip device tracking | Configures the IP device tracking table. |
| Step 3 | aaa new-model | Enables AAA. |
| Step 4 | aaa authorization network default group radius | Sets the authorization method to local. To remove the authorization method, use the no aaa authorization network default group radius command. |
| Step 5 | radius-server vsa send authentication | Configures the RADIUS VSA send authentication. |
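
The following is an added example, not part of the Cisco guide: a Python check that reads saved `show running-config` text and reports which commands from the downloadable ACL steps (2 to 5) and from the supplicant switch steps (3 to 11) on this page are absent or inconsistent. The parser, the function names, the profile names `uplink`/`uplnk` and the sample configuration are constructed for illustration.

```python
# Global commands from steps 2-5 of the downloadable ACL table on this page.
DACL_GLOBALS = ("ip device tracking", "aaa new-model",
                "aaa authorization network default group radius",
                "radius-server vsa send authentication")

# Constructed sample: a supplicant switch whose port references a mistyped profile.
SAMPLE_SUPPLICANT = """\
dot1x credentials uplink
 username suppswitch
!
interface GigabitEthernet1/1
 switchport mode trunk
 dot1x pae supplicant
 dot1x credentials uplnk
"""

def parse_config(text):
    """Split running-config text into (global lines, {interface: sub-commands})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(line)          # indented line inside an interface block
        else:
            current = None                # "!" or any global line closes the block
            if line and line != "!":
                global_lines.append(line)
    return global_lines, interfaces

def audit_dacl_switch(text):
    """Findings for the switch that receives downloadable ACLs (steps 2-5)."""
    global_lines, _ = parse_config(text)
    return [f"missing: {c}" for c in DACL_GLOBALS if c not in global_lines]

def audit_supplicant_switch(text):
    """Findings for the supplicant switch (steps 3-11 of the supplicant table)."""
    global_lines, interfaces = parse_config(text)
    profiles = {g.split()[2] for g in global_lines if g.startswith("dot1x credentials ")}
    findings = [f"missing: {c}" for c in ("dot1x supplicant force-multicast",) if c not in global_lines]
    for name, cmds in interfaces.items():
        if "dot1x pae supplicant" in cmds:
            if "switchport mode trunk" not in cmds:
                findings.append(f"{name}: supplicant port is not a trunk")
            attached = [c.split()[-1] for c in cmds if c.startswith("dot1x credentials ")]
            if not attached or attached[0] not in profiles:
                findings.append(f"{name}: credentials profile missing or undefined")
    return findings
```

An empty list from either function means every command checked for that role is present; the matching is exact, so abbreviated commands in a hand-edited file are reported as missing.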