Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
QuietPeriod = 60
ServerTimeout = 30
SuppTimeout = 30
ReAuthPeriod = 3600 (Locally configured)
ReAuthMax = 2
MaxReq = 2
TxPeriod = 1
RateLimitPeriod = 0
Mac-Auth-Bypass = Enabled
Dot1x Authenticator Client List
-------------------------------
Supplicant = 0000.0000.0001
Auth SM State = AUTHENTICATED
Auth BEND SM Stat = IDLE
Port Status = AUTHORIZED
Authentication Method = MAB
Authorized By = Authentication Server
Vlan Policy = N/A
Switch#
Configuring 802.1X with Inaccessible Authentication Bypass
Caution: You must configure the switch to monitor the state of the RADIUS server, as described in the
section "Configuring Switch-to-RADIUS-Server Communication" on page 46-35, for Inaccessible
Authentication Bypass to work properly. Specifically, you must configure the RADIUS test username,
idle-time, deadtime, and dead-criteria. Failure to do so results in the switch failing to detect that the
RADIUS server has gone down, or prematurely marking a dead RADIUS server as alive again.
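The following Python check is an added example, not part of the Cisco guide: it scans a saved running-config for the four settings the caution names and reports which are missing. It assumes the global "radius-server host ..." command form; the sample configurations, addresses and key are constructed.

```python
import re

# Constructed sample running-config fragments (not taken from the guide).
COMPLETE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 test username probe idle-time 5 key EXAMPLE-KEY
radius-server dead-criteria time 10 tries 3
radius-server deadtime 15
"""
INCOMPLETE = """\
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-KEY
radius-server host 192.0.2.11 test username probe key EXAMPLE-KEY
radius-server deadtime 15
"""

def audit_radius_monitoring(config):
    """Return findings for the settings the caution requires; [] means all present.

    Settings left at their defaults do not appear as explicit values here,
    so they are reported too: the caution asks for them to be configured.
    """
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    hosts = [l for l in lines if l.startswith("radius-server host ")]
    if not hosts:
        findings.append("no radius-server host configured")
    for host in hosts:
        addr = host.split()[2]
        # Per-server probe settings live on the host line itself.
        if not re.search(r"\btest username \S+", host):
            findings.append(f"{addr}: test username not set")
        if not re.search(r"\bidle-time \d+", host):
            findings.append(f"{addr}: idle-time not set explicitly")
    # A deadtime of 0 means a server is never held in the dead state.
    if not any(re.match(r"radius-server deadtime [1-9]\d*$", l) for l in lines):
        findings.append("global: deadtime not set")
    if not any(l.startswith("radius-server dead-criteria ") for l in lines):
        findings.append("global: dead-criteria not set explicitly")
    return findings

if __name__ == "__main__":
    for name, cfg in (("COMPLETE", COMPLETE), ("INCOMPLETE", INCOMPLETE)):
        print(name, audit_radius_monitoring(cfg) or "ok")
```
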
To configure a port as a critical port and to enable the Inaccessible Authentication Bypass feature,
perform this task:
Step 1
  Command: Switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command: Switch(config)# dot1x critical eapol
  Purpose: (Optional) Configures whether to send an EAPOL-Success packet when
  a port is critically authorized partway through an EAP exchange.
  Note: Some supplicants require this.
  The default is not to send EAPOL-Success packets when a port is
  critically authorized partway through an EAP exchange. If there is no
  ongoing EAP exchange at the time when a port is critically authorized,
  an EAPOL-Success packet is always sent out regardless of this option.