EasyManua.ls Logo

Cisco Catalyst 3550

Cisco Catalyst 3550
794 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
2-87
Catalyst 3550 Multilayer Switch Command Reference
OL-8566-02
Chapter 2 Catalyst 3550 Switch Cisco IOS Commands
dot1x critical (interface configuration)
dot1x critical (interface configuration)
Use the dot1x critical interface configuration command to enable the inaccessible authentication bypass
feature, also referred to as critical authentication or the authentication, authorization, and accounting
(AAA) fail policy. You can also configure the access VLAN to which the switch assigns the critical port
when the port is in the critical-authentication state. To disable the feature or return to default, use the no
form of this command.
dot1x critical [recovery action reinitialize | vlan vlan-id]
no dot1x critical [recovery | vlan]
Syntax Description
Defaults The inaccessible authentication bypass feature is disabled.
The recovery action is not configured.
The access VLAN is not configured.
Command Modes Interface configuration
Command History
Usage Guidelines To specify the access VLAN to which the switch assigns a critical port when the port is in the
critical-authentication state, use the vlan vlan-id keywords. The specified type of VLAN must match the
type of port, as follows:
If the critical port is an access port, the VLAN must be an access VLAN.
If the criticalport is a private VLAN host port, the VLAN must be a secondary private VLAN.
If the critical port is a routed port, you can specify a VLAN but this is optional.
If the client is running Windows XP and the critical port to which the client is connected is in the
critical-authentication state, Windows XP might report that the interface is not authenticated.
If the Windows XP client is configured for DHCP and has an IP address from the DHCP server, receiving
an EAP-Success message on a critical port might not re-initiate the DHCP configuration process.
You can configure the inaccessible authentication bypass feature and the restricted VLAN on an
IEEE
802.1x port. If the switch tries to re-authenticate a critical port in a restricted VLAN and all the
RADIUS servers are unavailable, the switch changes the port state to the critical authentication state,
and it remains in the restricted VLAN.
recovery action reinitialize Enable the inaccessible-authentication-bypass recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
vlan vlan-id Specify the access VLAN to which the switch can assign a critical
port. The range is from 1 to 4094.
Release Modification
12.2(25)SEE This command was introduced.

Table of Contents

Other manuals for Cisco Catalyst 3550

Preview: Datasheet
Datasheet20 pages
Preview: Getting Started Guide
Getting Started Guide32 pages
Preview: Hardware Installation Guide
Hardware Installation Guide106 pages
Preview: Installation Guide
Installation Guide154 pages

Related product manuals