Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
Command
Step 10
radius-server vsa send authentication Configures the network access server to recognize and use vendor-specific
Step 11
end
Step 12
show ip device tracking all
Step 13
copy running-config startup-config
This example shows how to configure a switch for a downloadable policy:
Switch# config terminal
Enter configuration commands, one per line.
Switch(config)# aaa new-model
Switch(config)# aaa authorization network default group radius
Switch(config)# ip device tracking
Switch(config)# ip access-list extended default_acl
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# radius-server vsa send authentication
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# ip access-group default_acl in
Switch(config-if)# exit
Configuring VLAN ID-based MAC Authentication
Beginning in privileged EXEC mode, follow these steps:
Command
Step 1
configure terminal
Step 2
mab request format attribute 32 vlan access-vlan
Step 3
copy running-config startup-config
There is no show command to confirm the status of VLAN ID-based MAC authentication. You can use
the debug radius accounting privileged EXEC command to confirm the RADIUS attribute 32. For more
information about this command, see the Cisco IOS Debug Command Reference:
http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_q1.html#wp1123741
This example shows how to globally enable VLAN ID-based MAC authentication on a switch:
Switch# configure terminal
Enter configuration commands, one per line.
Switch(config)# mab request format attribute 32 vlan access-vlan
Switch(config-if)# exit
OL-26520-01
Purpose
attributes.
Note
The downloadable ACL must be operational.
Returns to privileged EXEC mode.
Displays information about the entries in the IP device tracking table.
(Optional) Saves your entries in the configuration file.
Purpose
Enter global configuration mode.
Enable VLAN ID-based MAC authentication.
(Optional) Save your entries in the configuration
file.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Configuring 802.1x Authentication
End with CNTL/Z.
End with CNTL/Z.
10-65