10-65
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring Downloadable ACLs
The policies take effect after client authentication and the client IP address addition to the IP device
tracking table. The switch then applies the downloadable ACL to the port.
Beginning in privileged EXEC mode:
Configuring a Downloadable Policy
Beginning in privileged EXEC mode:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ip device tracking Configure the ip device tracking table.
Step3 aaa new-model Enables AAA.
Step4 aaa authorization network default group
radius
Sets the authorization method to local. To remove the
authorization method, use the no aaa authorization network
default group radius command.
Step5 radius-server vsa send authentication Configure the radius vsa send authentication.
Step6 interface interface-id Specify the port to be configured, and enter interface
configuration mode.
Step7 ip access-group acl-id in Configure the default ACL on the port in the input direction.
Note The acl-id is an access list name or number.
Step8 show running-config interface interface-id Verify your configuration.
Step9 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 access-list access-list-number deny
source source-wildcard log
Defines the default port ACL by using a source address and wildcard.
The access-list-number is a decimal number from 1 to 99 or 1300 to 1999.
Enter deny or permit to specify whether to deny or permit access if
conditions are matched.
The source is the source address of the network or host that sends a packet,
such as this:
The 32-bit quantity in dotted-decimal format.
The keyword any as an abbreviation for source and source-wildcard
value of 0.0.0.0 255.255.255.255. You do not need to enter a
source-wildcard value.
The keyword host as an abbreviation for source and source-wildcard
of source 0.0.0.0.
(Optional) Applies the source-wildcard wildcard bits to the source.
(Optional) Enters log to cause an informational logging message about the
packet that matches the entry to be sent to the console.