This procedure can be used to provide a host that is attached to a default port with the ability to use DHCP, DNS, and perhaps get to the Internet, while blocking access to internal resources.
When a device connected to that switch port authenticates, an appropriate authorization policy can be applied. Options for authorization policies include downloadable ACLs, dynamic VLAN assignment or security group tags.
- Limited, basic access prior to authentication
  - Port ACL applied to the switch interface
  - Default port ACL, if no interface ACL exists
- Grant specific access after successful authentication
  - dACL received from server

```
interface GigabitEthernet 0/1
 authentication host-mode multi-auth
 authentication open
 authentication port-control auto
 mab
 dot1x pae authenticator
 ip access-group default-ACL in
```
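
One possible definition of the `default-ACL` that the interface references, added here as an example and not taken from the original post. The RFC 1918 ranges stand in for "internal resources" and are an assumption; substitute the site's own internal prefixes.

```cisco
! Added example: pre-authentication port ACL (entries are matched top-down,
! first match wins, so the DHCP/DNS permits must precede the denies).
ip access-list extended default-ACL
 remark Allow DHCP so the host can obtain an address
 permit udp any eq bootpc any eq bootps
 remark Allow DNS (UDP and TCP), including to internal resolvers
 permit udp any any eq domain
 permit tcp any any eq domain
 remark Block internal networks (assumed here to be the RFC 1918 ranges)
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else is treated as Internet-bound and allowed
 permit ip any any
```

After the port is configured, `show ip access-lists default-ACL` shows per-entry match counters, which helps confirm that unauthenticated hosts are hitting the deny entries.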