
Cisco WS-C6506 User Manual

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 15 Configuring Access Control
Downloadable ACLs
Configuring a Downloaded ACL for dot1x

To configure a downloaded ACL for dot1x without an IP phone, perform these steps:

Step 1 Create a base ACL with an include dot1x keyword.

Console> (enable) set security acl ip dacl1x permit arp-inspection any any
dacl1x editbuffer modified. Use 'commit' command to apply changes.
Console> (enable) set security acl ip dacl1x permit dhcp-snooping
Successfully configured DHCP Snooping for ACL dacl1x. Use 'commit' command to save changes.
Console> (enable) set security acl ip dacl1x include downloaded-acl dot1x
Successfully configured placeholder download ACL dacl1x. Use 'commit' command to save changes.
Console> (enable) commit security acl all
Commit operation in progress.

Step 2 Set the security-acl mode on the port used for authentication to port-based mode.

Console> (enable) set port security-acl 5/35 port-based
Warning: Vlan-based ACL features will be disabled on ports 5/35
ACL interface is set to port-based mode for port(s) 5/35.

Step 3 Map the base ACL (with the include keyword) to that port.

Console> (enable) set security acl map dacl1x 5/35
Mapping in progress.
ACL dacl1x successfully mapped to port(s) 5/35

Step 4 Enable dot1x globally and on that port.

Console> (enable) set dot1x system-auth-control enable
Dot1x is globally enabled.
Configured RADIUS servers will be used for dot1x authentication.
Console> (enable) set port dot1x 5/35 port-control auto
Port 5/5 dot1x port-control is set to auto.
Trunking disabled for port 5/35 due to Dot1x feature.
Spantree port fast start option enabled for port 5/35.

Step 5 Display the port security settings for the configured port.

Console> (enable) show port security-acl 5/35
Port  Interface Type Interface Type Interface Merge Status
      config         runtime        runtime
----- -------------- -------------- ----------------------
5/35  port-based     port-based     not applicable

Config:
Port  ACL name                         Type
----- -------------------------------- ----
5/35  dacl1x                           IP

Runtime:
Port  ACL name                         Type
----- -------------------------------- ----
5/35  dacl1x                           IP

dhcp-snooping:
Port  Trust       Source-Guard Source-Guarded IP Addresses
----- ----------- ------------ ---------------------------
5/35  untrusted   disabled
Port  Binding Limit No. of Existing Bindings
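
The following is an added example, not part of the Cisco guide: a small Python check that a list of entered commands contains everything steps 1 through 4 require for one port. The function name audit_dot1x_dacl and the input format (one command per line, without the Console> prompt, exact single-port match) are assumptions made for this illustration.

```python
import re

# Constructed sample: the "set" commands from steps 1-4 of the procedure above.
SAMPLE = """\
set security acl ip dacl1x permit arp-inspection any any
set security acl ip dacl1x permit dhcp-snooping
set security acl ip dacl1x include downloaded-acl dot1x
set port security-acl 5/35 port-based
set security acl map dacl1x 5/35
set dot1x system-auth-control enable
set port dot1x 5/35 port-control auto
"""

def audit_dot1x_dacl(commands, port):
    """Return findings for `port`; an empty list means steps 1-4 are all present."""
    # Normalise whitespace so spacing differences do not cause false findings.
    cmds = {" ".join(line.split()) for line in commands.splitlines() if line.strip()}
    findings = []

    # Step 3: find the ACL(s) mapped to this port (exact port match only).
    mapped = sorted(m.group(1) for c in cmds
                    if (m := re.fullmatch(r"set security acl map (\S+) (\S+)", c))
                    and m.group(2) == port)
    if not mapped:
        findings.append(f"step 3: no ACL mapped to {port}")

    # Step 1: the mapped ACL must carry the dot1x download placeholder.
    for acl in mapped:
        if f"set security acl ip {acl} include downloaded-acl dot1x" not in cmds:
            findings.append(f"step 1: ACL {acl} has no 'include downloaded-acl dot1x'")

    # Step 2: the port must be in port-based security-acl mode.
    if f"set port security-acl {port} port-based" not in cmds:
        findings.append(f"step 2: {port} is not set to port-based mode")

    # Step 4: dot1x enabled globally and port-control auto on the port.
    if "set dot1x system-auth-control enable" not in cmds:
        findings.append("step 4: dot1x is not globally enabled")
    if f"set port dot1x {port} port-control auto" not in cmds:
        findings.append(f"step 4: {port} dot1x port-control is not auto")
    return findings

if __name__ == "__main__":
    for finding in audit_dot1x_dacl(SAMPLE, "5/35") or ["all steps present"]:
        print(finding)
```

The check covers only the commands shown in the procedure; it does not confirm that the ACL edits were committed, which step 5's Config and Runtime tables show on the switch itself.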
