Configuring 802.1X Violation Modes - Cisco Catalyst 2975 Software Configuration Manual
Ios release 12.2(55)se
Hide thumbs
Also See for Catalyst 2975:
- Hardware installation manual (62 pages) ,
- Brochure (19 pages) ,
- Getting started manual (17 pages)
Table of Contents
Advertisement
Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
Command
Step 4
clear errdisable interface interface-id
[vlan-list]
vlan
Step 5
shutdown
no-shutdown
Step 6
end
Step 7
show errdisable detect
Step 8
copy running-config startup-config
This example shows how to configure the switch to shut down any VLAN on which a security violation
error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 4/0/2.
Switch# clear errdisable interface gigabitethernet4/0/2 vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from
a new device when:
•
•
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Command
Step 1
configure terminal
Step 2
aaa new-model
Step 3
aaa authentication dot1x {default}
method1
OL-19720-02
Purpose
(Optional) Reenable individual VLANs that have been error disabled.
(Optional) Re-enable an error-disabled VLAN, and clear all error-disable
indications.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
a device connects to an 802.1x-enabled port
the maximum number of allowed about devices have been authenticated on the port
Purpose
Enter global configuration mode.
Enable AAA.
Create an 802.1x authentication method list.
To create a default list to use when a named list is not specified in the
authentication command, use the default keyword followed by the
method that is to be used in default situations. The default method list is
automatically applied to all ports.
For method1, enter the group radius keywords to use the list of all
RADIUS servers for authentication.
Note
•
For interface-id specify the port on which to reenable individual
VLANs.
•
(Optional) For vlan-list specify a list of VLANs to be re-enabled. If
vlan-list is not specified, all VLANs are re-enabled.
Though other keywords are visible in the command-line help
string, only the group radius keywords are supported.
Catalyst 2975 Switch Software Configuration Guide
Configuring 802.1x Authentication
10-39
- Quick Links:
- Management Options
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
