40-41
Software Configuration Guide—Release 15.0(2)SG
OL-23818-01
Chapter 40 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Configuring ACS
To configure two Cisco-AV pairs, add the following statements under the user or group Cisco IOS/PIX
6x RADIUS attributes:
url-redirect-acl=urlacl
url-redirect=http://www.cisco.com
Note A default port ACL must be configured on the interface.
Configuring the Switch
To configure the switch for URL redirect, follow these steps:
Step 1 Configure the IP device tracking table.
Switch(config)# ip device tracking
Step 2 Configure RADIUS by using the send authentication command.
Switch(config)# radius-server vsa send authentication
Step 3 Configure the URL redirect ACL (URLACL).
Switch# ip access-list urlacl
10 permit tcp any any
Switch#
Step 4 Configure static ACL (PACL) for the interface.
Switch(config)# int g2/9
Switch(config-if)# ip access-group pacl-4 in
Interface Configuration Example
Switch# show running-configuration int g2/9
Building configuration...
Current configuration : 617 bytes
!
interface GigabitEthernet2/9
switchport
switchport access vlan 29
switchport mode access
switchport voice vlan 1234
access-group mode prefer port
ip access-group pacl-4 in
speed 100
duplex full
authentication event fail action authorize vlan 111
authentication event server dead action authorize vlan 333
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x
authentication port-control auto
authentication timer restart 100
authentication timer reauthenticate 20
authentication timer inactivity 200
mab
