dot1x critical
If all RADIUS authentication servers fail to respond and no other methods are configured in the
effective 802.1x authentication method list, the user authentication fails and the network is
inaccessible by default. In this case, the Inaccessible Authentication Bypass (IAB) function can be
enabled on the interface to allow users to access the network.
dot1x critical
no dot1x critical
After the IAB function is enabled on the interface, if only the RADIUS authentication
method is configured in the 802.1x authentication method list and all RADIUS
servers in this method list fail, the switch will use IAB method to authorize users to
access the network and send the EAPOL-SUCCESS packet to users.
If there are other authentication methods in the 802.1x authentication method list in
addition to the RADIUS authentication method, the IAB function will not be enabled.
(Such as the aaa authentication dot1x default group radius none, there is the
none authentication method in addition to the RADIUS authentication method.
For users authorized through IAB, if their identities cannot be authenticated, the
switch will not send the accounting request no matter whether the switch is
configured with the accounting function.
When the AAA multi-domain authentication is enabled globally, the 802.1x user
authentication will not use the globally configured method list. Given that IAB
function will send the message of successful authentication to uses directly after it
confirms that all RADIUS servers in the 802.1x globally configured method list fail
and does not need to enter the usernames, the AAA multi-domain authentication
will fail on this interface.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# interface fa 0/10
Ruijie(config-if)# dot1x port-control auto
Ruijie(config-if)# dot1x critical
To Next Page
Loading...
Need help?
General