Cisco Catalyst 4500 series Administration Manual page 1214


Configuring 802.1X Port-Based Authentication
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E, Chapter 46, page 46-76, OL_28731-01

Follow these guidelines to configure voice aware 802.1x security on the switch:

- You enable voice aware 802.1x security by entering the errdisable detect cause security-violation shutdown vlan global configuration command. You disable voice aware 802.1x security by entering the no version of this command. This command applies to all 802.1x-configured ports in the switch.
- If you use the errdisable recovery cause security-violation global configuration command to configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is not configured for the port, you re-enable it with the shutdown and no shutdown interface configuration commands.
- You can re-enable individual VLANs with the clear errdisable interface interface-id vlan [vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are enabled.

Note: If you do not include the shutdown vlan keywords, the entire port is shut down when it enters the error-disabled state.

To enable voice aware 802.1x security, follow these steps, beginning in privileged EXEC mode:

Step 1
Command: Switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command: Switch(config)# errdisable detect cause security-violation shutdown vlan
Purpose: Shuts down any VLAN on which a security violation error occurs.
Note: If the shutdown vlan keywords are not included, the entire port enters the error-disabled state and shuts down.

Step 3
Command: Switch(config)# errdisable recovery cause security-violation
Purpose: (Optional) Enables automatic per-VLAN error recovery.

Step 4
Command: Switch(config)# errdisable recovery interval interval
Purpose: (Optional) Sets a recovery interval (in seconds). The interval range is 30 to 86400. The default is 300 seconds.

Step 5
Command: Switch(config)# end
Purpose: Enters exec mode.

Step 6
Command: Switch# clear errdisable interface interface-id vlan [vlan-list]
Purpose: (Optional) Re-enables individual VLANs that have been error disabled.
For interface-id, specify the port on which to re-enable individual VLANs.
(Optional) For vlan-list, specify a list of VLANs to be re-enabled. If vlan-list is not specified, all VLANs are re-enabled.

Step 7
Command: Switch(config)# interface interface-id
Purpose: Enters interface configuration mode.

Step 8
Command: Switch(config-if)# shutdown
         Switch(config-if)# no shutdown
Purpose: (Optional) Re-enables an error-disabled VLAN, and clears all error-disable indications.

Step 9
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Step 10
Command: Switch# show errdisable detect
Purpose: Verifies your settings.

Step 11
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.

The commands from Steps 1 through 5, entered in sequence:

Switch# configure terminal
Switch(config)# errdisable detect cause security-violation shutdown vlan
Switch(config)# errdisable recovery cause security-violation
Switch(config)# errdisable recovery interval interval
Switch(config)# end
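An added example, not part of the Cisco guide: a Python check that reads a saved configuration or template and reports how a security violation would be handled under the settings in this procedure. The function name, the sample configurations and the assumption that each command appears in the file exactly as entered at the CLI are assumptions of this example.

```python
import re

# Values stated in the procedure above: default 300 s, valid range 30 to 86400 s.
DEFAULT_INTERVAL = 300
INTERVAL_RANGE = (30, 86400)

# Constructed sample configurations (not taken from a real device).
SAMPLE_PER_VLAN = """\
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
errdisable recovery interval 600
interface GigabitEthernet2/1
 switchport mode access
"""
SAMPLE_WHOLE_PORT = """\
errdisable recovery interval 20
interface GigabitEthernet2/1
 switchport mode access
"""

def audit_voice_aware_8021x(config_text):
    """Report how a security violation is handled under this configuration."""
    # Assumption: commands appear one per line, exactly as entered at the CLI.
    lines = [ln.strip() for ln in config_text.splitlines()]
    per_vlan = "errdisable detect cause security-violation shutdown vlan" in lines
    auto_recovery = "errdisable recovery cause security-violation" in lines
    interval = DEFAULT_INTERVAL  # used when no interval command is present
    for ln in lines:
        m = re.fullmatch(r"errdisable recovery interval (\d+)", ln)
        if m:
            interval = int(m.group(1))
    findings = []
    if not per_vlan:
        findings.append("shutdown vlan missing: a violation error-disables the entire port")
    if not auto_recovery:
        findings.append("no automatic recovery: ports stay down until re-enabled manually")
    low, high = INTERVAL_RANGE
    if not low <= interval <= high:
        findings.append(f"recovery interval {interval} is outside {low} to {high} seconds")
    return {"per_vlan_shutdown": per_vlan, "auto_recovery": auto_recovery,
            "recovery_interval": interval, "findings": findings}

if __name__ == "__main__":
    for name, cfg in (("per-VLAN", SAMPLE_PER_VLAN), ("whole-port", SAMPLE_WHOLE_PORT)):
        print(name, audit_voice_aware_8021x(cfg))
```

An empty findings list means a violation shuts down only the affected VLAN and the switch recovers it automatically after the configured interval.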
