Enable AAA on the switch:
ASW1(config)#aaa new-model
The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.
Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123
ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.
Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control
Configure Fa0/1 to use 802.1x:
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#switchport access vlan 20
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange before the port passes traffic.
ASW1(config-if)#exit
2) Configure DSW1:
Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit
Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit
DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit
Apply the VLAN map to the VLAN:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)
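The two procedures above (the 802.1x chain on ASW1 and the VLAN access-map on DSW1) are easy to get subtly wrong: an access port left without dot1x port-control auto, or a drop clause sequenced before the forward clause so that the permitted subnet is discarded as well. The following audit script is an added example, not part of the original post or any Cisco tool; it parses IOS-style running-config text (one-space indentation for sub-commands, as IOS prints it) and reports such gaps. The ASW1_CONFIG, DSW1_CONFIG and DSW1_MISORDERED strings are constructed samples that mirror the commands on this page, not real device output.

```python
"""Audit IOS-style config text for the 802.1x and VACL settings discussed above.
Added example; the sample configs below are constructed, not captured from a device."""
import re
from collections import OrderedDict

# Constructed: ASW1 after the commands above, plus a second access port that was forgotten.
ASW1_CONFIG = """\
aaa new-model
radius-server host 172.120.39.46 key rad123
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
"""

# Constructed: DSW1 as configured above (forward at 10, drop at 20, filter applied).
DSW1_CONFIG = """\
ip access-list standard 10
 permit 172.120.40.0 0.0.0.255
vlan access-map MYACCMAP 10
 match ip address 10
 action forward
vlan access-map MYACCMAP 20
 action drop
vlan filter MYACCMAP vlan-list 20
"""

# Constructed: same clauses with the sequence numbers swapped, so the drop shadows the forward.
DSW1_MISORDERED = """\
ip access-list standard 10
 permit 172.120.40.0 0.0.0.255
vlan access-map MYACCMAP 10
 action drop
vlan access-map MYACCMAP 20
 match ip address 10
 action forward
vlan filter MYACCMAP vlan-list 20
"""


def parse_config(text):
    """Return (top-level lines, {top-level line: [indented sub-commands]})."""
    top, blocks, current = [], OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '!':
            continue
        if raw.startswith(' ') and current is not None:
            blocks[current].append(line)
        else:
            top.append(line)
            current = line
            blocks[line] = []
    return top, blocks


def audit_dot1x(text):
    """Findings for the ASW1 procedure; an empty list means every step is present."""
    top, blocks = parse_config(text)
    findings = []
    for cmd in ('aaa new-model', 'aaa authentication dot1x default group radius',
                'dot1x system-auth-control'):
        if cmd not in top:
            findings.append('missing global command: ' + cmd)
    if not any(re.match(r'radius-server host \S+ .*key \S+', l) for l in top):
        findings.append('no radius-server host defined with a shared key')
    for parent, lines in blocks.items():
        if parent.startswith('interface') and 'switchport mode access' in lines:
            if 'dot1x port-control auto' not in lines:
                findings.append(parent + ': access port without dot1x port-control auto')
    return findings


def audit_vacl(text, vlan):
    """Findings for the DSW1 procedure: ACLs resolve, drop is last, map applied to vlan."""
    top, blocks = parse_config(text)
    findings = []
    acls = {p.split()[-1] for p in top if p.startswith('ip access-list')}
    acls |= {p.split()[1] for p in top if p.startswith('access-list ')}
    clauses = []  # (map name, sequence, has match clause, action)
    for parent, lines in blocks.items():
        parts = parent.split()
        if parts[:2] != ['vlan', 'access-map']:
            continue
        name, seq = parts[2], int(parts[3])
        action = next((l.split()[1] for l in lines if l.startswith('action ')), None)
        matches = [l.split()[-1] for l in lines if l.startswith('match ip address ')]
        for acl in matches:
            if acl not in acls:
                findings.append(f'{parent}: references undefined ACL {acl}')
        clauses.append((name, seq, bool(matches), action))
    if not clauses:
        return ['no vlan access-map defined']
    clauses.sort(key=lambda c: c[1])
    for i, (name, seq, has_match, action) in enumerate(clauses):
        # A match-less drop is evaluated in sequence order; anything after it never runs.
        if not has_match and action == 'drop' and i != len(clauses) - 1:
            findings.append(f'{name} {seq}: unconditional drop shadows later clauses')
    for name in {c[0] for c in clauses}:
        if f'vlan filter {name} vlan-list {vlan}' not in top:
            findings.append(f'{name} not applied to vlan {vlan}')
    return findings


if __name__ == '__main__':
    for label, result in (('ASW1', audit_dot1x(ASW1_CONFIG)),
                          ('DSW1', audit_vacl(DSW1_CONFIG, '20')),
                          ('DSW1 misordered', audit_vacl(DSW1_MISORDERED, '20'))):
        print(label, result or 'OK')
```

Run it against the output of show running-config saved to a file (feed the file contents to audit_dot1x or audit_vacl). The sequence-order check is the one that matters most on an exam box: IOS evaluates VLAN map clauses by ascending sequence number, so a catch-all drop with a lower number than the forward clause blocks the very subnet you meant to permit.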
I failed my first attempt.. : ) I will try in a couple of weeks.. Any suggestions about these configs? Things I need to watch for?
watch for?