Dell POWEREDGE M1000E User Manual
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-13270-03
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Understanding IEEE 802.1x Port-Based Authentication
To configure per-user ACLs, you need to perform these tasks:
• Enable AAA authentication.
• Enable AAA authorization by using the network keyword to allow interface configuration from the RADIUS server.
• Enable IEEE 802.1x authentication.
• Configure the user profile and VSAs on the RADIUS server.
• Configure the IEEE 802.1x port for single-host mode.
802.1x Authentication with Downloadable ACLs and Redirect URLs
You can download ACLs and redirect URLs from a RADIUS server to the switch during 802.1x
authentication or MAC authentication bypass of the host. You can also download ACLs during web
authentication.
Note
A downloadable ACL is also referred to as a dACL.
If the host mode is single-host, MDA, or multiple-authentication mode, the switch modifies the source
address of the ACL to be the host IP address.
Note
A port in multiple-host mode does not support the downloadable ACL and redirect URL feature.
You can apply the ACLs and redirect URLs to all the devices connected to the 802.1x-enabled port.
If no ACLs are downloaded during 802.1x authentication, the switch applies the static default ACL on
the port to the host. On a voice VLAN port, the switch applies the ACL only to the phone.
Note
If a downloadable ACL or redirect URL is configured for a client on the authentication server, a default
port ACL on the connected client switch port must also be configured.
Cisco Secure ACS and Attribute-Value Pairs for the Redirect URL
The switch uses these cisco-av-pair VSAs:
• url-redirect is the HTTP to HTTPS URL.
• url-redirect-acl is the switch ACL name or number.
The switch uses the CiscoSecure-Defined-ACL AV pair to intercept an HTTP or HTTPS request from
the endpoint device. The switch then forwards the client web browser to the specified redirect address.
The url-redirect AV pair on the Cisco Secure ACS contains the URL to which the web browser is
redirected. The url-redirect-acl AV pair contains the name or number of an ACL that specifies the HTTP
or HTTPS traffic to redirect. Traffic that matches a permit ACE in the ACL is redirected.
Note
Define the URL redirect ACL and the default port ACL on the switch.
If a redirect URL is configured for a client on the authentication server, a default port ACL on the
connected client switch port must also be configured.
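The prerequisites above (no multiple-host mode, a default port ACL on the client port, and the redirect ACL defined on the switch) can be checked before deployment. The following is an added example, not part of the Cisco guide: the function names, finding labels, interface names, ACL names and portal URL are all constructed, and the parser assumes a running-config excerpt in which a port without a host-mode command is in single-host mode.

```python
import re

# Constructed sample switch configuration (not from the guide).
SAMPLE_CONFIG = """\
ip access-list extended DEFAULT-PORT-ACL
 permit udp any any eq bootps
 deny ip any any
!
interface GigabitEthernet1/0/1
 authentication host-mode single-host
 ip access-group DEFAULT-PORT-ACL in
!
interface GigabitEthernet1/0/2
 authentication host-mode multi-host
"""
# Constructed cisco-av-pair values for one RADIUS user profile.
SAMPLE_PROFILE = ["url-redirect=https://portal.example.test/login?src=sw",
                  "url-redirect-acl=WEB-REDIRECT"]

def parse_config(text):
    """Return ({interface: {host_mode, port_acl}}, {ACL names defined on the switch})."""
    ports, acls, cur = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            # Assumption: single-host is the mode when no host-mode command is present.
            cur = ports.setdefault(m[1], {"host_mode": "single-host", "port_acl": None})
        elif m := re.match(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)", line):
            acls.add(m[1]); cur = None
        elif cur is not None:
            if m := re.match(r"(?:authentication|dot1x) host-mode (\S+)", line):
                cur["host_mode"] = m[1]
            elif m := re.match(r"ip access-group (\S+) in", line):
                cur["port_acl"] = m[1]
    return ports, acls

def audit(av_pairs, port, config):
    """List the prerequisites from this section that a profile/port pair violates."""
    ports, acls = parse_config(config)
    attrs = {k.strip().lower(): v.strip() for k, _, v in (p.partition("=") for p in av_pairs)}
    redirect = "url-redirect" in attrs
    if not (redirect or any(k.endswith("ciscosecure-defined-acl") for k in attrs)):
        return []                        # no dACL or redirect URL: nothing to check
    findings, p = [], ports[port]
    if p["host_mode"] == "multi-host":   # feature unsupported in multiple-host mode
        findings.append("multi-host-unsupported")
    if p["port_acl"] not in acls:        # missing, or named but never defined
        findings.append("no-default-port-acl")
    if redirect and attrs.get("url-redirect-acl") not in acls:
        findings.append("redirect-acl-undefined")
    return findings
```

An empty list from `audit` means the profile and port satisfy the checks encoded here; it does not validate the ACL contents themselves.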