Cisco Catalyst 2960-XR - Example of Configuring Inaccessible Authentication Bypass

To Next Page

To Previous Page

PurposeCommand or Action

(Optional) Configures the parameters for inaccessible authentication bypass:dot1x critical {eapol | recovery delay

milliseconds}

Step 5

eapol—Specifies that the switch sends an EAPOL-Success message when the

switch successfully authenticates the critical port.

Example:

Switch(config)# dot1x critical eapol

recovery delay milliseconds—Sets the recovery delay period during which

the switch waits to re-initialize a critical port when a RADIUS server that was

recovery delay 2000

unavailable becomes available. The range is from 1 to 10000 milliseconds.

The default is 1000 milliseconds (a port can be re-initialized every second).

Specify the port to be configured, and enter interface configuration mode.

interface interface-id

Example:

Switch(config)# interface

Step 6

gigabitethernet 1/0/1

Moves hosts on the port if the RADIUS server is unreachable:authentication event server dead action

{authorize | reinitialize} vlan vlan-id]

Step 7

• authorize–Moves any new hosts trying to authenticate to the

user-specified critical VLAN.

Example:

Switch(config-if)# authentication

• reinitialize–Moves all authorized hosts on the port to the user-specified

critical VLAN.

event server dead action

reinitialize vlan 5

Enables the inaccessible authentication bypass feature, and use these keywords

to configure the feature:

dot1x critical [recovery action

reinitialize | vlan vlan-id]

Step 8

Example:

Switch(config-if)# dot1x critical

• authorize—Authorizes the port.

• reinitialize—Reinitializes all authorized clients.

recovery action reinitialize

Returns to privileged EXEC mode.end

Example:

Switch(config-if)# end

Step 9

Example of Configuring Inaccessible Authentication Bypass

This example shows how to configure the inaccessible authentication bypass feature:

Switch(config)# radius-server dead-criteria time 30 tries 20

Switch(config)# radius-server deadtime 60

Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1

idle-time 30 key abc1234

Switch(config)# dot1x critical eapol

Switch(config)# dot1x critical recovery delay 2000

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1

276 OL-29434-01

Configuring IEEE 802.1x Port-Based Authentication

Configuring the Inaccessible Authentication Bypass Feature

Main Page

Cisco Catalyst 2960-XR - Example of Configuring Inaccessible Authentication Bypass

Table of Contents

Other manuals for Cisco Catalyst 2960-XR

Related product manuals