Cisco 3032 Software Configuration Manual page 308

Configuring 802.1x Authentication
Command
Step 6
interface interface-id
Step 7
authentication event server dead
action [ authorize | reinitialize ] vlan
vlan-id
Step 8 dot1x critical [recovery action
reinitialize | vlan vlan-id]
Step 9 end
Step 10 show authentication interface-id
or
show dot1x [interface interface-id]
Step 11
copy running-config startup-config
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/0/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
9-54
Chapter 9
Purpose
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
Configuration Guidelines" section on page
Use these keywords to move hosts on the port if the RADIUS server is
unreachable:
authorize–Move any new hosts trying to authenticate to the
•
user-specified critical VLAN.
reinitialize–Move all authorized hosts on the port to the
•
user-specified critical VLAN.
Enable the inaccessible authentication bypass feature, and use these
keywords to configure the feature:
recovery action reinitialize—Enable the recovery feature, and
•
specify that the recovery action is to authenticate the port when an
authentication server is available.
vlan vlan-id—Specify the access VLAN to which the switch can
•
assign a critical port. The range is from 1 to 4094.
Return to privileged EXEC mode.
(Optional) Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
"802.1x Authentication
9-34.
OL-12247-04