Step 1 |
enable
|
Enables
privileged EXEC mode.
|
Step 2 |
configure terminal
Device# configure terminal
|
Enters global
configuration mode.
|
Step 3 |
device-tracking policy
name
Device(config)# device-tracking policy policy1
|
Configures a
policy for feature device-tracking and enters device tracking configuration
mode.
|
Step 4 |
trusted-port
Device(config-device-tracking)# trusted-port
|
Configures a
port to become a trusted port.
|
Step 5 |
limit address-count
max-number
Device(config-device-tracking)# limit address-count 100
|
Configures
the maximum number of addresses for a port.
|
Step 6 |
device-role node
Device(config-device-tracking)# device-role node
|
Specifies that
the device attached to the port is a node.
|
Step 7 |
tracking enable
Device(config-device-tracking)# tracking enable
|
Overrides
default tracking behavior.
|
Step 8 |
exit
Device(config-device-tracking)# exit
|
Exits device
tracking configuration mode and enters global configuration mode.
|
Step 9 |
vlan configuration
vlan-id
Device(config)# vlan configuration 20
|
Configures the
VLAN ID and enters VLAN configuration mode.
|
Step 10 |
device-tracking attach-policy
name
Device(config-vlan-config)# device-tracking attach-policy policy1
|
Applies a
policy for feature device-tracking on the VLAN.
|
Step 11 |
ipv6 nd suppress
Device(config-vlan-config)# ipv6 nd suppress
|
Applies the
IPv6 neighbor discovery (ND) suppress feature on the VLAN.
|
Step 12 |
exit
Device(config-vlan-config)# exit
|
Exits VLAN
configuration mode and enters global configuration mode.
|
Step 13 |
interface
type
number
Device(config)# interface GigabitEthernet5/2
|
Configures
the interface and enters interface configuration mode.
|
Step 14 |
switchport
Device(config-if)# switchport
|
Modifies an
interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration.
|
Step 15 |
switchport mode
access
Device(config-if)# switchport
|
Sets the
interface type to access mode.
|
Step 16 |
switchport access
vlan
vlan-id
Device(config-if)# switchport access vlan 20
|
Sets access
mode characteristics of the interface and configures VLAN when the interface is
in access mode.
|
Step 17 |
access-session host-mode
multi-host
Device(config-if)# access-session host-mode multi-host
|
Allows hosts
to gain access to a controlled port and specifies that all subsequent clients
are allowed access after the first client is authenticated.
|
Step 18 |
access-session
closed
Device(config-if)# access-session closed
|
Prevents
preauthentication access on a port.
|
Step 19 |
access-session
port-control auto
Device(config-if)# access-session port-control auto
|
Enables
port-based authentication and causes the port to begin in the unauthorized
state, allowing only Extensible Authentication Protocol over LAN (EAPOL) frames
to be sent and received through the port.
|
Step 20 |
device-tracking
attach-policy
name
Device(config-if)# device-tracking attach-policy policy1
|
Applies a
policy for feature device-tracking on a port.
|
Step 21 |
dot1x pae
authenticator
Device(config-if)# dot1x pae authenticator
|
Enables
dot1x authentication on a port.
|
Step 22 |
service-policy type
control subscriber
policy-name
Device(config-if)# service-policy type control subscriber DOT1X
|
Specifies
the policy-map that is used for sessions that come up on this interface. The
policy-map has rules for authentication and authorization.
|
Step 23 |
end
|
Exits
interface configuration mode and returns to privileged EXEC mode.
|