13-49
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring a Downloadable Policy
Step 6 interface interface-id Specifies the port to be configured, and enters interface
configuration mode.
Step 7 ip access-group acl-id in Configures the default ACL on the port in the input direction.
Note The acl-id is an access list name or number.
Step 8 show running-config interface interface-id Verifies your configuration.
Step 9 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 access-list access-list-number deny
source [source-wildcard log]
Defines the default port ACL by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
deny or permit—Specifies whether to deny or permit access if conditions
are matched.
source—Specifies the source address of the network or host that sends a
packet:
The 32-bit quantity in dotted-decimal format.
The keyword any as an abbreviation for source and source-wildcard
value of 0.0.0.0 255.255.255.255. You do not need to enter a
source-wildcard value.
The keyword host as an abbreviation for source and source-wildcard
of source 0.0.0.0.
(Optional) source-wildcard—Applies the wildcard bits to the source.
(Optional) log—Creates an informational logging message abou t the
packet that matches the entry to be sent to the console.
Step 3 interface interface-id Enters interface configuration mode.
Step 4 ip access-group acl-id in Configures the default ACL on the port in the input direction.
Note The acl-id is an access list name or number.
Step 5 exit Returns to global configuration mode.
Step 6 aaa new-model Enables AAA.
Step 7 aaa authorization network default
group radius
Sets the authorization method to local. To remove the authorization
method, use the no aaa authorization network default group radius
command.
Step 8 ip device tracking Enables the IP device tracking table.
To disable the IP device tracking table, use the no ip device tracking
global configuration commands.
Command Purpose