EasyManuals Logo
Home>Cisco>Switch>Catalyst 250 Series

Cisco Catalyst 250 Series User Manual

Cisco Catalyst 250 Series
498 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #306 background imageLoading...
Page #306 background image
profile on the AAA server or on the switch. To configure the directive on the AAA server, use the
authz-directive =<open/default> global command. To configure the directive on the switch, use the epm
access-control open global configuration command.
The default value of the directive is default.
Note
If a host falls back to web authentication on a port without a configured ACL:
•
If the port is in open authentication mode, the auth-default-ACL-OPEN is created.
•
If the port is in closed authentication mode, the auth-default-ACL is created.
The access control entries (ACEs) in the fallback ACL are converted to per-user entries. If the configured
fallback profile does not include a fallback ACL, the host is subject to the auth-default-ACL associated with
the port.
If you use a custom logo with web authentication and it is stored on an external server, the port ACL must
allow access to the external server before authentication. You must either configure a static port ACL or
change the auth-default-ACL to provide appropriate access to the external server.
Note
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
The switch uses these cisco-av-pair VSAs:
•
url-redirect is the HTTP or HTTPS URL.
•
url-redirect-acl is the switch ACL name or number.
The switch uses the CiscoSecure-defined-ACL attribute value pair to intercept an HTTP or HTTPS request
from the end point. The switch then forwards the client web browser to the specified redirect address. The
url-redirect AV pair on the Cisco Secure ACS contains the URL to which the web browser is redirected. The
url-redirect-acl attribute value pair contains the name or number of an ACL that specifies the HTTP or HTTPS
traffic to redirect.
Note
•
Traffic that matches a permit ACE in the ACL is redirected.
•
Define the URL redirect ACL and the default port ACL on the switch.
If a redirect URL is configured for a client on the authentication server, a default port ACL on the connected
client switch port must also be configured
Cisco Secure ACS and Attribute-Value Pairs for Downloadable ACLs
You can set the CiscoSecure-Defined-ACL Attribute-Value (AV) pair on the Cisco Secure ACS with the
RADIUS cisco-av-pair vendor-specific attributes (VSAs). This pair specifies the names of the downloadable
ACLs on the Cisco Secure ACS with the #ACL#-IP-name-number attribute.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
282 OL-29048-01
Configuring IEEE 802.1x Port-Based Authentication
802.1x Authentication with Downloadable ACLs and Redirect URLs

Table of Contents

Other manuals for Cisco Catalyst 250 Series

Preview: Hardware Installation Guide
Hardware Installation Guide102 pages
Preview: Configuration Guide
Configuration Guide118 pages
Preview: Getting Started Guide
Getting Started Guide26 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 250 Series and is the answer not in the manual?

Cisco Catalyst 250 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 250 Series
CategorySwitch
LanguageEnglish

Related product manuals