Cisco Catalyst 4500 Series Software Configuration Manual page 1344

Configuring 802.1X Port-Based Authentication
Command
Step 8 [Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Supervisor Engine 6-E, and
Supervisor Engine 6L-E]
Cisco IOS Release 12.2(50)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release 15.0(1)XO and later
Switch(config-if)# authentication
event server dead action authorize
[vlan vlan-id]
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x critical
or
[Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Supervisor Engine 6-E, and
Supervisor Engine 6L-E]
Cisco IOS Release 15.0(2)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release XE 3.2.0SG and later
Switch(config-if)# [no]
authentication event server dead
action reinitialize [vlan vlan-id]
Step 9 [Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Supervisor Engine 6-E, and
Supervisor Engine 6L-E]
Cisco IOS Release 15.0(2)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release XE 3.2.0SG and later
Switch(config-if)# authentication
event server dead action authorize
voice
Step 10 [Catalyst 4900M, Catalyst 4948E, Catalyst
4948E-F, Supervisor Engine 6-E, and
Supervisor Engine 6L-E]
Cisco IOS Release 12.2(50)SG and later
[Supervisor Engine 7-E, Supervisor Engine
7L-E, Supervisor Engine 8-E)]
Cisco IOS Release 15.0(1)XO and later
Switch(config-if)# authentication
event server alive action
reinitialize
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x critical
recovery action reinitialize
Step 11
Switch(config)# end
Step 12
Switch# show dot1x interface
interface-id details
Step 13
Switch# copy running-config
startup-config
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
49-64
Chapter 49
Purpose
Enables the Inaccessible Authentication Bypass feature for data clients
on the port and specifies a VLAN into which data clients are assigned. If
no VLAN is specified, data clients are assigned into the configured data
VLAN on the port.
To disable the feature, use the
no authentication event server dead action authorize vlan interface
configuration command (for earlier releases, use the
no dot1x critical interface configuration command).
Alternatively, starting with Cisco IOS Release 15.0(2)SG you can enable
Inaccessible Authentication Bypass for data clients using the
authentication event server dead action reinitialize vlan interface
configuration command which forces all authorized data clients to be
reauthenticated when RADIUS becomes unavailable and a client attempts
to authenticate. This only applies to data devices. Voice devices are
unaffected.
To disable it, use the no authentication event server dead action
reinitialize vlan interface configuration command.
(Optional) Enables Inaccessible Authentication Bypass for voice clients
on the port. This command applies to Multiple Domain Authentication
and Multiple Authentication modes.
To disable the feature, use the no authentication event server dead
action authorize voice interface configuration command.
(Optional) Specifies that the port should be reinitialized if it is critically
authorized and RADIUS becomes available.
The default is not to reinitialize the port.
Returns to privileged EXEC mode.
(Optional) Verifies your entries.
(Optional) Saves your entries in the configuration file.
Configuring 802.1X Port-Based Authentication