Cisco Systems 3560 Manual De Usuario

This example shows how to configure a switch as a supplicant:

Switch# configure terminal

Switch(config)# cisp enable

Switch(config)# dot1x credentials test

Switch(config)# username suppswitch

Switch(config)# 

Switch(config)# interface gigabitethernet 1/0/1

Switch(config-if)# switchport trunk encapsulation dot1q

Switch(config-if)# dot1x pae supplicant

Switch(config-if)# dot1x credentials test

 

Switch(config-if)# end

In addition to configuring 802.1x authentication on the switch, you need to configure the ACS. For more 
information, see the 

Cisco Secure ACS configuration guides

.

You must configure a downloadable ACL on the ACS before downloading it to the switch. 

After authentication on the port, you can use the show ip access-list privileged EXEC command to 
display the downloaded ACLs on the port.

The policies take effect after client authentication and the client IP address addition to the IP device 
tracking table. The switch then applies the downloadable ACL to the port.

Beginning in privileged EXEC mode:

Enter global configuration mode.

Configure the ip device tracking table.

Enables AAA.

Sets the authorization method to local. To remove the 
authorization method, use the no aaa authorization network 
default group radius command.

Configure the radius vsa send authentication.

interface interface-id

Specify the port to be configured, and enter interface 
configuration mode.

ip access-group acl-id in

Configure the default ACL on the port in the input direction.

The acl-id is an access list name or number.

show running-config interface interface-id

Verify your configuration.

(Optional) Save your entries in the configuration file.