PurposeCommand or Action
Specifies an active VLAN as an 802.1x restricted VLAN.
The range is 1 to 4094.
authentication event fail action authorize vlan vlan-id
Example:
Switch(config-if)# authentication event fail
Step 5
You can configure any active VLAN except an internal
VLAN (routed port), an RSPAN VLAN or a voice VLAN
as an 802.1x restricted VLAN.
action authorize vlan 8
Specifies a number of authentication attempts to allow
before a port moves to the restricted VLAN. The range is
1 to 3, and the default is 3.
authentication event retry retry count
Example:
Switch(config-if)# authentication event retry
Step 6
2
Returns to privileged EXEC mode.end
Example:
Switch(config-if)# end
Step 7
Configuring 802.1x Inaccessible Authentication Bypass with Critical Voice VLAN
Beginning in privileged EXEC mode, follow these steps to configure critical voice VLAN on a port and enable
the inaccessible authentication bypass feature.
SUMMARY STEPS
1.
configure terminal
2.
aaa new-model
3.
radius-server dead-criteria{time seconds } [tries number]
4.
radius-serverdeadtimeminutes
5.
radius-server host ip-address address[acct-port udp-port][auth-port udp-port] [testusername
name[idle-time time] [ignore-acct-port][ignore auth-port]] [key string]
6.
dot1x critical {eapol | recovery delay milliseconds}
7.
interface interface-id
8.
authentication event server dead action {authorize | reinitialize} vlan vlan-id]
9.
switchport voice vlan vlan-id
10.
authentication event server dead action authorize voice
11.
show authentication interface interface-id
12.
copy running-config startup-config
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1383
How to Configure 802.1x Port-Based Authentication
To Next Page
Loading...
Need help?
General
