Configuring The Inaccessible Authentication Bypass Feature - Cisco WS-CBS3032-DEL Software Configuration Manual


Chapter 9
Configuring IEEE 802.1x Port-Based Authentication
| Step | Command | Purpose |
|---|---|---|
| Step 3 | switchport mode access or switchport mode private-vlan host | Set the port to access mode, or configure the Layer 2 port as a private-VLAN host port. |
| Step 4 | authentication port-control auto | Enable 802.1x authentication on the port. |
| Step 5 | authentication event fail action authorize vlan-id | Specify an active VLAN as an 802.1x restricted VLAN. The range is 1 to 4094. You can configure any active VLAN except an internal VLAN (routed port), an RSPAN VLAN or a voice VLAN as an 802.1x restricted VLAN. |
| Step 6 | authentication event retry retry count | Specify a number of authentication attempts to allow before a port moves to the restricted VLAN. The range is 1 to 3, and the default is 3. |
| Step 7 | end | Return to privileged EXEC mode. |
| Step 8 | show authentication interface interface-id | (Optional) Verify your entries. |
| Step 9 | copy running-config startup-config | (Optional) Save your entries in the configuration file. |

To return to the default value, use the no authentication event retry interface configuration command.

This example shows how to set 2 as the number of authentication attempts allowed before the port moves to the restricted VLAN:

Switch(config-if)# authentication event retry 2

Configuring the Inaccessible Authentication Bypass Feature

You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA fail policy.

Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable the inaccessible authentication bypass feature. This procedure is optional.

| Step | Command | Purpose |
|---|---|---|
| Step 1 | configure terminal | Enter global configuration mode. |
| Step 2 | radius-server dead-criteria time time tries tries | (Optional) Set the conditions that are used to decide when a RADIUS server is considered unavailable or dead. The range for time is from 1 to 120 seconds. The switch dynamically determines the default seconds value that is 10 to 60 seconds. The range for tries is from 1 to 100. The switch dynamically determines the default tries parameter that is 10 to 100. |
| Step 3 | radius-server deadtime minutes | (Optional) Set the number of minutes that a RADIUS server is not sent requests. The range is from 0 to 1440 minutes (24 hours). The default is 0 minutes. |

OL-13270-06
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
Configuring 802.1x Authentication
9-53
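An added example, not part of the Cisco guide: a small Python linter that checks a configuration template against the argument ranges given in the Purpose entries above, and flags a restricted VLAN on a port where the Step 4 command is missing. The function names, the sample configuration, the interface names, and the tolerance for a "vlan" keyword before the VLAN ID are assumptions made for this example.

```python
import re

# Ranges come from the Purpose entries above. Accepting an optional "vlan"
# keyword before the VLAN ID is an assumption, to tolerate both spellings.
INTERFACE_RULES = {
    "restricted VLAN": (r"authentication event fail action authorize (?:vlan )?(\d+)", 1, 4094),
    "retry count": (r"authentication event retry (\d+)", 1, 3),
}
GLOBAL_RULES = {
    "dead-criteria time": (r"radius-server dead-criteria .*?\btime (\d+)", 1, 120),
    "dead-criteria tries": (r"radius-server dead-criteria .*?\btries (\d+)", 1, 100),
    "deadtime": (r"radius-server deadtime (\d+)", 0, 1440),
}

def check(rules, line, scope, findings):
    for name, (pattern, low, high) in rules.items():
        m = re.match(pattern, line)
        if m and not low <= int(m.group(1)) <= high:
            findings.append(f"{scope}: {name} {m.group(1)} outside {low}-{high}")

def audit(config_text):
    findings, iface, blocks = [], None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line closes any interface block
            iface = line.split(None, 1)[1] if line.startswith("interface ") else None
            if iface is None:
                check(GLOBAL_RULES, line, "global", findings)
        elif iface:
            blocks.setdefault(iface, []).append(line)
            check(INTERFACE_RULES, line, iface, findings)
    for name, lines in blocks.items():  # Step 4 must accompany Step 5
        fail = [l for l in lines if l.startswith("authentication event fail action")]
        if fail and "authentication port-control auto" not in lines:
            findings.append(f"{name}: restricted VLAN without 'authentication port-control auto'")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """radius-server dead-criteria time 5 tries 200
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 authentication event fail action authorize vlan 40
 authentication event retry 2
interface GigabitEthernet1/0/2
 authentication event fail action authorize vlan 4095
 authentication event retry 5
"""
print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, the linter reports the out-of-range tries value and three problems on GigabitEthernet1/0/2, and nothing for GigabitEthernet1/0/1.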
