Configuring 802.1x Authentication
Configuring NEAT with ASP
You can also use an AutoSmart Ports user-defined macro instead of the switch VSA to configure the
authenticator switch. For more information, see the
Configuring 802.1x Authentication with Downloadable ACLs and Redirect URLs
In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more
information, see the
You must configure a downloadable ACL on the ACS before downloading it to the switch.
Note
After authentication on the port, you can use the show ip access-list privileged EXEC command to
display the downloaded ACLs on the port.
Configuring Downloadable ACLs
The policies take effect after client authentication and the client IP address addition to the IP device
tracking table. The switch then applies the downloadable ACL to the port.
Beginning in privileged EXEC mode:
Command
Step 1
configure terminal
Step 2
ip device tracking
Step 3
aaa new-model
Step 4
aaa authorization network default group
radius
Step 5
radius-server vsa send authentication
Step 6
interface interface-id
Step 7
ip access-group acl-id in
Step 8
show running-config interface interface-id
Step 9
copy running-config startup-config
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
9-60
Cisco Secure ACS configuration
Purpose
Enter global configuration mode.
Configure the ip device tracking table.
Enables AAA.
Sets the authorization method to local. To remove the
authorization method, use the no aaa authorization network
default group radius command.
Configure the radius vsa send authentication.
Specify the port to be configured, and enter interface
configuration mode.
Configure the default ACL on the port in the input direction.
Note
The acl-id is an access list name or number.
Verify your configuration.
(Optional) Save your entries in the configuration file.
Chapter 9
Configuring IEEE 802.1x Port-Based Authentication
Chapter 12, "Configuring Smartports Macros."
guides.
OL-12247-04