Example Of Configuring Inaccessible Authentication Bypass - Cisco Catalyst 2960-XR Security Configuration Manual

Cisco IOS Release 15.0(2)EX1

Configuring the Inaccessible Authentication Bypass Feature
Step 5
Command or Action: dot1x critical {eapol | recovery delay milliseconds}
Example:
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Purpose: (Optional) Configures the parameters for inaccessible authentication bypass:
• eapol: Specifies that the switch sends an EAPOL-Success message when the switch successfully authenticates the critical port.
• recovery delay milliseconds: Sets the recovery delay period during which the switch waits to re-initialize a critical port when a RADIUS server that was unavailable becomes available. The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).

Step 6
Command or Action: interface interface-id
Example:
Switch(config)# interface gigabitethernet 1/0/1
Purpose: Specify the port to be configured, and enter interface configuration mode.

Step 7
Command or Action: authentication event server dead action {authorize | reinitialize} vlan vlan-id
Example:
Switch(config-if)# authentication event server dead action reinitialize vlan 5
Purpose: Moves hosts on the port if the RADIUS server is unreachable:
• authorize: Moves any new hosts trying to authenticate to the user-specified critical VLAN.
• reinitialize: Moves all authorized hosts on the port to the user-specified critical VLAN.

Step 8
Command or Action: dot1x critical [recovery action reinitialize | vlan vlan-id]
Example:
Switch(config-if)# dot1x critical recovery action reinitialize
Purpose: Enables the inaccessible authentication bypass feature. Use these keywords to configure the feature:
• authorize: Authorizes the port.
• reinitialize: Reinitializes all authorized clients.

Step 9
Command or Action: end
Example:
Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Example of Configuring Inaccessible Authentication Bypass

This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Configuring IEEE 802.1x Port-Based Authentication
OL-29434-01
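
An added example, not part of the Cisco guide: a Python check that reads a saved configuration and reports the inaccessible authentication bypass settings from the procedure above, namely which ports move hosts to a critical VLAN when the RADIUS server is dead, and whether the recovery delay falls within the documented range of 1 to 10000 ms. The sample configuration and the function name audit_critical_auth are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real switch); it uses
# only the commands shown in the procedure above plus a plain access port.
SAMPLE_CONFIG = """\
radius-server dead-criteria time 30 tries 20
radius-server deadtime 60
dot1x critical eapol
dot1x critical recovery delay 2000
!
interface GigabitEthernet1/0/1
 authentication event server dead action reinitialize vlan 5
!
interface GigabitEthernet1/0/2
 authentication event server dead action authorize vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
"""

DEAD_ACTION = re.compile(
    r"^\s+authentication event server dead action (authorize|reinitialize) vlan (\d+)\s*$")
RECOVERY = re.compile(r"^dot1x critical recovery delay (\d+)\s*$")


def audit_critical_auth(config_text):
    """Return (report, findings) for inaccessible authentication bypass settings."""
    # 1000 ms is the default recovery delay stated in the guide.
    report = {"eapol": False, "recovery_delay_ms": 1000, "ports": {}}
    findings = []
    iface = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif not line.startswith(" "):
            iface = None  # an unindented line ends interface configuration mode
        if line.strip() == "dot1x critical eapol":
            report["eapol"] = True
        elif (m := RECOVERY.match(line)):
            report["recovery_delay_ms"] = int(m.group(1))
            if not 1 <= report["recovery_delay_ms"] <= 10000:
                findings.append("recovery delay outside 1-10000 ms")
        elif iface and (m := DEAD_ACTION.match(line)):
            # Record the action keyword and the critical VLAN for this port.
            report["ports"][iface] = (m.group(1), int(m.group(2)))
    return report, findings
```

The ports listed in the report are the ones that grant access without RADIUS while the server is marked dead, so the critical VLANs they name are the ones to review for restricted reachability.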
