Configuring An Authenticator Switch With Neat - Cisco Catalyst 2960-X Security Configuration Manual

Configuring an Authenticator Switch with NEAT

Command or Action
Step 5
aaa authentication rejected n in m ban x
Example:
Device(config)# aaa authentication rejected
3 in 20 ban 300
Step 6
end
Example:
Device(config)# end
Step 7
show aaa local user blocked
Example:
Device# show aaa local user blocked
Step 8 clear aaa local user blocked username username
Example:
Device# clear aaa local user blocked
username user1
The following is sample output from the show aaa local user blocked command:
Device# show aaa local user blocked
Configuring an Authenticator Switch with NEAT
Configuring this feature requires that one switch outside a wiring closet is configured as a supplicant and is
connected to an authenticator switch.
Note The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the interface
as a trunk after the supplicant is successfully authenticated.
Beginning in privileged EXEC mode, follow these steps to configure a switch as an authenticator:
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
340
Local-user
user1
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Configures the time period for which an user is blocked, if the
user fails to successfully login within the specified time and login
attempts.
• n—Specifies the number of times a user can try to login.
• m—Specifies the number of seconds within which an user
can try to login.
• x—Specifies the time period an user is banned if the user
fails to successfully login.
Exits global configuration mode and returns to privileged EXEC
mode.
Displays the list of local users who were blocked.
Clears the information about the blocked local user.
State
Watched (till 11:34:42 IST Feb 5 2015)
OL-29048-01