Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Follow these guidelines to configure voice aware 802.1x security on the switch:
• You enable voice aware 802.1x security by entering the errdisable detect cause security-violation shutdown vlan global configuration command. You disable voice aware 802.1x security by entering the no version of this command. This command applies to all 802.1x-configured ports in the switch.
Note: If you do not include the shutdown vlan keywords, the entire port is shut down when it enters the error-disabled state.
• If you use the errdisable recovery cause security-violation global configuration command to configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is not configured for the port, you re-enable it with the shutdown and no shutdown interface configuration commands.
• You can re-enable individual VLANs with the clear errdisable interface interface-id vlan [vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are enabled.
To enable voice aware 802.1x security, follow these steps, beginning in privileged EXEC mode:
Switch# configure terminal
Switch(config)# errdisable detect cause security-violation shutdown vlan
Switch(config)# errdisable recovery cause security-violation
Switch(config)# errdisable recovery interval interval
Switch(config)# end
Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command: Switch(config)# errdisable detect cause security-violation shutdown vlan
Purpose: Shuts down any VLAN on which a security violation error occurs.
Note: If the shutdown vlan keywords are not included, the entire port enters the error-disabled state and shuts down.
Step 3
Command: Switch(config)# errdisable recovery cause security-violation
Purpose: (Optional) Enables automatic per-VLAN error recovery.
Step 4
Command: Switch(config)# errdisable recovery interval interval
Purpose: (Optional) Sets a recovery interval (in sec). The interval range is 30 to 86400. The default is 300 sec.
Step 5
Command: Switch(config)# end
Purpose: Returns to privileged EXEC mode.
Step 6
Command: Switch# clear errdisable interface interface-id vlan [vlan-list]
Purpose: (Optional) Re-enables individual VLANs that have been error disabled.
• For interface-id, specify the port on which to re-enable individual VLANs.
• (Optional) For vlan-list, specify a list of VLANs to be re-enabled. If vlan-list is not specified, all VLANs are re-enabled.
Step 7
Command: Switch(config)# interface interface-id
Purpose: Enters interface configuration mode.
Step 8
Command: Switch(config-if)# shutdown
         Switch(config-if)# no shutdown
Purpose: (Optional) Re-enables an error-disabled VLAN, and clears all error-disable indications.
Step 9
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.
Step 10
Command: Switch# show errdisable detect
Purpose: Verifies your settings.
Step 11
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.
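Added example (not part of the Cisco guide): a small audit that reads saved configuration text and reports whether a security violation will shut down only the offending VLAN or the whole port, and whether recovery is automatic. The function name and sample fragments are constructed here, and the script assumes the global errdisable lines appear in the configuration as they are typed in the steps above.

```python
import re

# Constructed running-config fragments for illustration (not from a real switch).
SAMPLE_PER_VLAN = """\
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
errdisable recovery interval 600
"""
SAMPLE_WHOLE_PORT = """\
errdisable recovery interval 20
"""

DETECT = re.compile(r"^errdisable detect cause security-violation(\s+shutdown\s+vlan)?$")
RECOVERY = re.compile(r"^errdisable recovery cause security-violation$")
INTERVAL = re.compile(r"^errdisable recovery interval (\d+)$")


def audit_voice_aware_dot1x(config_text):
    """Report how a security violation is handled, based on the global
    errdisable lines in config_text (assumed to appear as typed)."""
    state = {"per_vlan_shutdown": False, "auto_recovery": False,
             "interval_sec": 300, "findings": []}  # 300 sec is the documented default
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = DETECT.match(line)
        if m:
            state["per_vlan_shutdown"] = m.group(1) is not None
        elif RECOVERY.match(line):
            state["auto_recovery"] = True
        else:
            m = INTERVAL.match(line)
            if m:
                state["interval_sec"] = int(m.group(1))
    if not state["per_vlan_shutdown"]:
        state["findings"].append(
            "shutdown vlan keywords missing: a violation error-disables the entire port")
    if not state["auto_recovery"]:
        state["findings"].append(
            "no errdisable recovery for security-violation: re-enable manually")
    if not 30 <= state["interval_sec"] <= 86400:
        state["findings"].append(
            f"recovery interval {state['interval_sec']} is outside 30-86400 sec")
    return state


if __name__ == "__main__":
    for name, cfg in (("per-vlan", SAMPLE_PER_VLAN), ("whole-port", SAMPLE_WHOLE_PORT)):
        print(name, audit_voice_aware_dot1x(cfg))
```

Run it against configuration templates or backups before deployment; show errdisable detect on the switch remains the authoritative check.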