Cisco Catalyst 4500 Series Command Reference Manual page 85

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
Usage Guidelines The authentication event fail command replaces the following 802.1X commands, which are
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
•
•
The authentication event fail command is supported only for 802.1X to signal authentication failures.
By default, this failure type causes the authentication method to be retried. You can configure either to
authorize the port in the configured VLAN or to failover to the next authentication method. Optionally,
you can specify the number of authentication retries before performing this action.
The authentication event server command replaces the following 802.1X commands, which are
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
•
•
•
The authentication event server command specifies the behavior when the AAA server becomes
unreachable, ports are authorized in the specified VLAN.
The authentication server alive action command specifies the action to be taken once the AAA server
becomes reachable again.
You can verify your settings by entering the show authentication privileged EXEC command.
The authentication event no-response command replaces the following 802.1X command, which is
deprecated in Cisco IOS Release 12.2(50)SG and later releases:
•
The authentication event no-response command specifies the action to be taken when the client does
not support 802.1X.
Examples
The following example shows how to specify that when an authentication fails due to bad user
credentials, the process advances to the next authentication method:
Switch(config-if)# authentication event fail action next-method
Switch(config-if)#
The following example shows how to specify the AAA server alive actions as reinitialize all authorized
clients for authentication events:
Switch(config-if)# authentication event server alive action reinitialize
Switch(config-if)#
The following example shows how to specify the AAA server dead actions that authorize the port for
authentication events:
Switch(config-if)# authentication event server dead action authorize
Switch(config-if)#
The following example shows how to specify the conditions when a client doesn't support 802.1X to
authorize the port for authentication events:
Switch(config-if)# authentication event authentication event no-response action authorize
vlan 10
Switch(config-if)#
OL-27596 -01
[no] dot1x auth-fail max-attempts count
[no] dot1x auth-fail vlan vlan
[no] dot1x critical
[no] dot1x critical vlan vlan
[no] dot1x critical recover action initialize
[no] dot1x guest-vlan vlan
Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.4.0SG and IOS 15.1(2)SG)
authentication event
2-27