Configuring Voice Aware 802.1X Security - Cisco Catalyst 2975 Software Configuration Manual
Ios release 12.2(55)se
Hide thumbs
Also See for Catalyst 2975:
- Hardware installation manual (62 pages) ,
- Brochure (19 pages) ,
- Getting started manual (17 pages)
Table of Contents
Advertisement
Configuring 802.1x Authentication
Command
Step 3
end
Step 4
show running-config
This example shows how to enable a readiness check on a switch to query a port. It also shows the
response received from the queried port verifying that the device connected to it is 802.1x-capable:
switch# dot1x test eapol-capable interface gigabitethernet1/0/13
DOT1X_PORT_EAPOL_CAPABLE:DOT1X: MAC 00-01-02-4b-f1-a3 on gigabitethernet1/0/13 is EAPOL
capable
Configuring Voice Aware 802.1x Security
You use the voice aware 802.1x security feature on the switch to disable only the VLAN on which a
security violation occurs, whether it is a data or voice VLAN. You can use this feature in IP phone
deployments where a PC is connected to the IP phone. A security violation found on the data VLAN
results in the shutdown of only the data VLAN. The traffic on the voice VLAN flows through the switch
without interruption.
Follow these guidelines to configure voice aware 802.1x voice security on the switch:
•
If you do not include the shutdown vlan keywords, the entire port is shut down when it enters the
Note
error-disabled state.
•
•
Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:
Command
Step 1
configure terminal
Step 2
errdisable detect cause
security-violation shutdown vlan
Step 3
errdisable recovery cause
security-violation
Catalyst 2975 Switch Software Configuration Guide
10-38
Purpose
(Optional) Return to privileged EXEC mode.
(Optional) Verify your modified timeout values.
You enable voice aware 802.1x security by entering the errdisable detect cause security-violation
shutdown vlan global configuration command. You disable voice aware 802.1x security by entering
the no version of this command. This command applies to all 802.1x-configured ports in the switch.
If you use the errdisable recovery cause security-violation global configuration command to
configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is
not configured for the port, you re-enable it by using the shutdown and no-shutdown interface
configuration commands.
You can re-enable individual VLANs by using the clear errdisable interface interface-id
[vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are
enabled.
Purpose
Enter global configuration mode.
Shut down any VLAN on which a security violation error occurs.
Note
(Optional) Enable automatic per-VLAN error recovery.
Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
If the shutdown vlan keywords are not included, the entire port
enters the error-disabled state and shuts down.
vlan
OL-19720-02
- Quick Links:
- Management Options
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
