Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 44 Configuring 802.1X Port-Based Authentication
Step 3
[Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E] Cisco IOS Release 12.2(50)SG and later
[Supervisor Engine 7-E and Supervisor Engine 7L-E] Cisco IOS Release 15.0(1)X and later
Switch(config)# authentication critical recovery delay msec
Cisco IOS Release 12.2(46)SG or earlier releases
Switch(config)# dot1x critical recovery delay msec
(Optional) Specifies a throttle rate for the reinitialization of critically authorized ports when the RADIUS server becomes available. The default throttle rate is 100 milliseconds. This means that 10 ports reinitialize per second.
Step 4
Switch(config)# interface interface-id
Specifies the port to be configured and enters interface configuration mode.
Step 5
Switch(config-if)# switchport mode access
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
or
Switch(config-if)# switchport mode private-vlan host
Specifies that the ports with a valid PVLAN trunk association become active host PVLAN trunk ports.
Step 6
Switch(config-if)# dot1x pae authenticator
Enables 802.1X authentication on the port with default parameters.
Refer to the “Default 802.1X Configuration” section on page 44-27.
Step 7
Switch(config-if)# authentication port-control auto
Enables 802.1X authentication on the interface.
Step 8
[Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E] Cisco IOS Release 12.2(50)SG and later
[Supervisor Engine 7-E and Supervisor Engine 7L-E] Cisco IOS Release 15.0(1)XO and later
Switch(config-if)# authentication event server dead action authorize [vlan vlan-id]
Cisco IOS Release 12.2(46)SG or earlier releases
Switch(config-if)# dot1x critical
or
[Catalyst 4900M, Catalyst 4948E, Supervisor Engine 6-E, and Supervisor Engine 6L-E] Cisco IOS Release 15.0(2)SG and later
[Supervisor Engine 7-E and Supervisor Engine 7L-E] Cisco IOS Release XE 3.2.0SG and later
Switch(config-if)# [no] authentication event server dead action reinitialize [vlan vlan-id]
Enables the Inaccessible Authentication Bypass feature for data clients on the port and specifies a VLAN into which data clients are assigned. If no VLAN is specified, data clients are assigned into the configured data VLAN on the port.
To disable the feature, use the no authentication event server dead action authorize vlan interface configuration command (for earlier releases, use the no dot1x critical interface configuration command).
Alternatively, starting with Cisco IOS Release 15.0(2)SG you can enable Inaccessible Authentication Bypass for data clients using the authentication event server dead action reinitialize vlan interface configuration command which forces all authorized data clients to be reauthenticated when RADIUS becomes unavailable and a client attempts to authenticate. This only applies to data devices. Voice devices are unaffected.
To disable it, use the no authentication event server dead action reinitialize vlan interface configuration command.
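An added example, not part of the Cisco guide: a Python audit that reads a saved running-config and lists the ports on which Step 8 has enabled Inaccessible Authentication Bypass, the VLAN they fall into, whether Steps 6 and 7 are also present on the port, and the recovery delay set in Step 3. The sample configuration, interface names, VLAN ids and function names are constructed for illustration.

```python
import re

# Constructed sample running-config; interface names and VLAN ids are made up.
SAMPLE_CONFIG = """\
authentication critical recovery delay 200
interface GigabitEthernet1/1
 dot1x pae authenticator
 authentication port-control auto
 authentication event server dead action authorize vlan 20
interface GigabitEthernet1/2
 authentication event server dead action reinitialize
interface GigabitEthernet1/3
 dot1x pae authenticator
 authentication port-control auto
"""

DEAD_ACTION = re.compile(
    r"authentication event server dead action (authorize|reinitialize)(?: vlan (\d+))?$")
REQUIRED = {"dot1x pae authenticator", "authentication port-control auto"}  # Steps 6-7

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # a global command or "!" separator ends the block
    return blocks

def audit_iab(config):
    """List bypass-enabled ports; vlan None means no VLAN was given on the command."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = DEAD_ACTION.match(cmd)
            if not m and cmd != "dot1x critical":  # form for 12.2(46)SG or earlier
                continue
            action, vlan = m.groups() if m else ("authorize", None)
            findings.append({"interface": name, "action": action, "vlan": vlan,
                             "dot1x_on": REQUIRED <= set(cmds)})
    return findings

def recovery_delay_ms(config):
    """Global reinitialization throttle; 100 ms is the documented default."""
    m = re.search(r"^(?:authentication|dot1x) critical recovery delay (\d+)$", config, re.M)
    return int(m.group(1)) if m else 100
```

A finding with `dot1x_on` false marks a port that carries the bypass command without the 802.1X commands from Steps 6 and 7, which is worth reviewing before deployment.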