PurposeCommand or Action
(Optional) Re-enable an error-disabled VLAN, and clear all
error-disable indications.
Enter the following:
Step 5
•
shutdown
•
no shutdown
Return to privileged EXEC mode.end
Step 6
Verify your entries.show errdisable detect
Step 7
This example shows how to configure the switch to shut down any VLAN on which a security violation error
occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 40/2.
Switch# clear errdisable interface gigabitethernet4/0/2
vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Related Topics
Voice Aware 802.1x Security, on page 295
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a
new device when:
•
a device connects to an 802.1x-enabled port
•
the maximum number of allowed about devices have been authenticated on the port
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on the
switch:
SUMMARY STEPS
1.
configure terminal
2.
aaa new-model
3.
aaa authentication dot1x {default} method1
4.
interface interface-id
5.
switchport mode access
6.
authentication violation {shutdown | restrict | protect | replace}
7.
end
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
304 OL-29048-01
Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Violation Modes
To Next Page
Loading...
