Dot1X Critical (Interface Configuration) - Dell Catalyst 3130 Command Reference Manual

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

dot1x critical (interface configuration)

Use the dot1x critical interface configuration command on the switch stack or on a standalone switch
to enable the inaccessible-authentication-bypass feature, also referred to as critical authentication or the
authentication, authorization, and accounting (AAA) fail policy. You can also configure the access
VLAN to which the switch assigns the critical port when the port is in the critical-authentication state.
To disable the feature or return to default, use the no form of this command.
Syntax Description recovery action reinitialize
vlan vlan-id
Defaults The inaccessible-authentication-bypass feature is disabled.
The recovery action is not configured.
The access VLAN is not configured.
Command Modes
Interface configuration
Command History Release
12.2(40)EX1
Usage Guidelines To specify the access VLAN to which the switch assigns a critical port when the port is in the
critical-authentication state, use the vlan vlan-id keywords. The specified type of VLAN must match the
type of port, as follows:
•
•
•
If the client is running Windows XP and the critical port to which the client is connected is in the
critical-authentication state, Windows XP might report that the interface is not authenticated.
If the Windows XP client is configured for DHCP and has an IP address from the DHCP server, receiving
an EAP-Success message on a critical port might not re-initiate the DHCP configuration process.
OL-13271-03
dot1x critical [recovery action reinitialize | vlan vlan-id]
no dot1x critical [recovery | vlan]
Modification
This command was introduced.
If the critical port is an access port, the VLAN must be an access VLAN.
If the critical port is a private VLAN host port, the VLAN must be a secondary private VLAN.
If the critical port is a routed port, you can specify a VLAN, but this is optional.
Enable the inaccessible-authentication-bypass recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
Specify the access VLAN to which the switch can assign a critical
port. The range is from 1 to 4094.
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference
dot1x critical (interface configuration)
2-129