10-56
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To return to the default value, use the no authentication event retry interface configuration command.
This example shows how to set 2 as the number of authentication attempts allowed before the port moves
to the restricted VLAN:
Switch(config-if)# authentication event retry 2
Configuring Inaccessible Authentication Bypass and Critical Voice VLAN
You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA
fail policy to allow data traffic to pass through on the native VLAN when the server is not available. You
can also configure the critical voice VLAN feature so that if the server is not available and traffic from
the host is tagged with the voice VLAN, the connected device (the phone) is put in the configured voice
VLAN for the port.
Beginning in privileged EXEC mode, follow these steps to configure critical voice VLAN on a port and
enable the inaccessible authentication bypass feature.
Step 5
authentication event fail action
authorize vlan-id
Specify an active VLAN as an 802.1x restricted VLAN. The range is
1 to 4094.
You can configure any active VLAN except an RSPAN VLAN or a voice
VLAN as an 802.1x restricted VLAN.
Step 6
authentication event retry retry count Specify a number of authentication attempts to allow before a port moves
to the restricted VLAN. The range is 1 to 3, and the default is 3.
Step 7
end Return to privileged EXEC mode.
Step 8
show authentication interface
interface-id
(Optional) Verify your entries.
Step 9
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enters global configuration mode.
Step 2
radius-server dead-criteria
time time tries tries
Sets the conditions that are used to decide when a RADIUS server is considered
unavailable or down (dead).
• The range for time is from 1 to 120 seconds. The switch dynamically determines
a default seconds value between 10 and 60 seconds.
• The range for tries is from 1 to 100. The switch dynamically determines a default
tries parameter between 10 and 100.
Step 3
radius-server deadtime
minutes
(Optional) Sets the number of minutes during which a RADIUS server is not sent
requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes.
To Next Page
Loading...
