Cisco Catalyst 2960 Series

To Next Page

To Previous Page

PurposeCommand or Action

Specifies an active VLAN as an 802.1x restricted VLAN.

The range is 1 to 4094.

authentication event fail action authorize vlan vlan-id

Example:

Switch(config-if)# authentication event fail

Step 5

You can configure any active VLAN except an internal

VLAN (routed port), an RSPAN VLAN or a voice VLAN

as an 802.1x restricted VLAN.

action authorize vlan 8

Specifies a number of authentication attempts to allow

before a port moves to the restricted VLAN. The range is

1 to 3, and the default is 3.

authentication event retry retry count

Example:

Switch(config-if)# authentication event retry

Step 6

Returns to privileged EXEC mode.end

Example:

Switch(config-if)# end

Step 7

Configuring 802.1x Inaccessible Authentication Bypass with Critical Voice VLAN

Beginning in privileged EXEC mode, follow these steps to configure critical voice VLAN on a port and enable

the inaccessible authentication bypass feature.

SUMMARY STEPS

configure terminal

aaa new-model

radius-server dead-criteria{time seconds } [tries number]

radius-serverdeadtimeminutes

radius-server host ip-address address[acct-port udp-port][auth-port udp-port] [testusername

name[idle-time time] [ignore-acct-port][ignore auth-port]] [key string]

dot1x critical {eapol | recovery delay milliseconds}

interface interface-id

authentication event server dead action {authorize | reinitialize} vlan vlan-id]

switchport voice vlan vlan-id

10.

authentication event server dead action authorize voice

11.

show authentication interface interface-id

12.

copy running-config startup-config

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

1383

How to Configure 802.1x Port-Based Authentication

Main Page

Table of Contents

Other manuals for Cisco Catalyst 2960 Series

Related product manuals