DETAILED STEPS
PurposeCommand or Action
Enter global configuration mode.configure terminal
Step 1
Shut down any VLAN on which a security violation error occurs.errdisable detect cause security-violation
shutdown vlan
Step 2
If the shutdown vlan keywords are not included, the entire
port enters the error-disabled state and shuts down.
Note
Enter global configuration mode.errdisable recovery cause
security-violation
Step 3
(Optional) Reenable individual VLANs that have been error disabled.
clear errdisable interfaceinterface-id vlan
[vlan-list]
Step 4
•
For interface-id specify the port on which to reenable individual
VLANs.
•
(Optional) For vlan-list specify a list of VLANs to be re-enabled.
If vlan-list is not specified, all VLANs are re-enabled.
(Optional) Re-enable an error-disabled VLAN, and clear all
error-disable indications.
Enter the following:
Step 5
•
shutdown
•
no shutdown
Return to privileged EXEC mode.end
Step 6
Verify your entries.show errdisable detect
Step 7
This example shows how to configure the switch to shut down any VLAN on which a security violation error
occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 40/2.
Switch# clear errdisable interface gigabitethernet4/0/2
vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Related Topics
Voice Aware 802.1x Security, on page 1351
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a
new device when:
•
a device connects to an 802.1x-enabled port
•
the maximum number of allowed about devices have been authenticated on the port
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1359
How to Configure 802.1x Port-Based Authentication
To Next Page
Loading...
Need help?
General
