Configuring 802.1X Violation Modes - Cisco Catalyst 2960 series Configuration Manual

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure 802.1x Port-Based Authentication

DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command or Action: errdisable detect cause security-violation shutdown vlan
Purpose: Shut down any VLAN on which a security violation error occurs.
Note: If the shutdown vlan keywords are not included, the entire port enters the error-disabled state and shuts down.

Step 3
Command or Action: errdisable recovery cause security-violation
Purpose: Enter global configuration mode.

Step 4
Command or Action: clear errdisable interface interface-id vlan [vlan-list]
Purpose: (Optional) Reenable individual VLANs that have been error disabled.
• For interface-id specify the port on which to reenable individual VLANs.
• (Optional) For vlan-list specify a list of VLANs to be re-enabled. If vlan-list is not specified, all VLANs are re-enabled.

Step 5
Command or Action: Enter the following:
• shutdown
• no shutdown
Purpose: (Optional) Re-enable an error-disabled VLAN, and clear all error-disable indications.

Step 6
Command or Action: end
Purpose: Return to privileged EXEC mode.

Step 7
Command or Action: show errdisable detect
Purpose: Verify your entries.

This example shows how to configure the switch to shut down any VLAN on which a security violation error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan

This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 4/0/2:
Switch# clear errdisable interface gigabitethernet4/0/2 vlan

You can verify your settings by entering the show errdisable detect privileged EXEC command.

Related Topics
Voice Aware 802.1x Security, on page 1351

Configuring 802.1x Violation Modes

You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a new device when:
• a device connects to an 802.1x-enabled port
• the maximum number of allowed devices has been authenticated on the port
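The following Python check is an added example, not part of the Cisco guide: it reads saved configuration text and reports whether a security violation error-disables only the affected VLAN or the whole port (the Step 2 note in DETAILED STEPS), and whether the Step 3 recovery command is present. The sample configurations and switch names are constructed, and "no" forms of the commands are surfaced for manual review rather than interpreted.

```python
import re

# Global commands from Steps 2 and 3 of the DETAILED STEPS procedure.
DETECT = re.compile(r"^errdisable\s+detect\s+cause\s+security-violation(?P<vlan>\s+shutdown\s+vlan)?$")
RECOVERY = re.compile(r"^errdisable\s+recovery\s+cause\s+security-violation$")
NEGATED = re.compile(r"^no\s+errdisable\s+\S+\s+cause\s+security-violation\b")

def audit(config_text):
    """Report how a saved switch configuration handles 802.1x security violations."""
    scope, recovery, review = "port", False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # blank or IOS comment line
            continue
        if NEGATED.match(line):                   # "no" forms are not interpreted here,
            review.append(line)                   # only surfaced for a human to check
            continue
        m = DETECT.match(line)
        if m:
            # Without "shutdown vlan" the whole port is error-disabled (Step 2 note).
            scope = "vlan" if m.group("vlan") else "port"
        elif RECOVERY.match(line):
            recovery = True
    missing = []
    if scope != "vlan":
        missing.append("errdisable detect cause security-violation shutdown vlan")
    if not recovery:
        missing.append("errdisable recovery cause security-violation")
    return {"scope": scope, "recovery": recovery, "missing": missing, "review": review}

# Constructed sample configurations; the switch names are hypothetical.
SAMPLES = {
    "access-sw1": "!\nerrdisable detect cause security-violation shutdown vlan\n"
                  "errdisable recovery cause security-violation\n",
    "access-sw2": "hostname access-sw2\n errdisable detect cause security-violation\n",
    "access-sw3": "errdisable detect cause security-violation shutdown vlan\n"
                  "no errdisable recovery cause security-violation\n",
}

def audit_all(samples=SAMPLES):
    """Audit every sample configuration and return the results keyed by switch name."""
    return {name: audit(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, result in audit_all().items():
        print(name, result)
```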