Cisco Catalyst 3560-X Software Configuration Manual page 351

Hide thumbs Also See for Catalyst 3560-X:

Command reference manual (1188 pages)

Software configuration manual (1438 pages)

Manual (276 pages)

Table of Contents

Configuring IEEE 802.1x Port-Based Authentication

Beginning in privileged EXEC mode, follow these steps to configure the maximum number of allowed

authentication attempts. This procedure is optional.

configure terminal

interface interface-id

switchport mode access

switchport mode private-vlan host

authentication port-control auto

authentication event fail action

authorize vlan-id

authentication event retry retry count

show authentication interface

interface-id

copy running-config startup-config

To return to the default value, use the no authentication event retry interface configuration command.

This example shows how to set 2 as the number of authentication attempts allowed before the port moves

to the restricted VLAN:

Switch(config-if)# authentication event retry 2

Configuring Inaccessible Authentication Bypass and Critical Voice VLAN

You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA

fail policy to allow data traffic to pass through on the native VLAN when the server is not available. You

can also configure the critical voice VLAN feature so that if the server is not available and traffic from

the host is tagged with the voice VLAN, the connected device (the phone) is put in the configured voice

VLAN for the port.

Enter global configuration mode.

Specify the port to be configured, and enter interface configuration mode.

For the supported port types, see the

Configuration Guidelines" section on page

Set the port to access mode,

Configure the Layer 2 port as a private-VLAN host port.

Enable 802.1x authentication on the port.

Specify an active VLAN as an 802.1x restricted VLAN. The range is 1 to

You can configure any active VLAN except an internal VLAN (routed

port), an RSPAN VLAN, a primary private VLAN, or a voice VLAN as

an 802.1x restricted VLAN.

Specify a number of authentication attempts to allow before a port moves

to the restricted VLAN. The range is 1 to 3, and the default is 3.

Return to privileged EXEC mode.

(Optional) Verify your entries.

(Optional) Save your entries in the configuration file.

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

Configuring 802.1x Authentication

"802.1x Authentication

Troubleshooting

Catalyst 3750-x

Cisco Catalyst 3560-X Software Configuration Manual page 351

Troubleshooting

Related Manuals for Cisco Catalyst 3560-X

Related Products for Cisco Catalyst 3560-X

This manual is also suitable for:

Table of Contents