Configuring 802.1X Violation Modes - Cisco Catalyst 2960-X Security Configuration Manual

Cisco IOS Release 15.0(2)EX

Configuring 802.1x Violation Modes

Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Configuring IEEE 802.1x Port-Based Authentication

Step 5
Command or Action: Enter the following:
• shutdown
• no shutdown
Purpose: (Optional) Re-enable an error-disabled VLAN, and clear all error-disable indications.

Step 6
Command or Action: end
Purpose: Return to privileged EXEC mode.

Step 7
Command or Action: show errdisable detect
Purpose: Verify your entries.

This example shows how to configure the switch to shut down any VLAN on which a security violation error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan

This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 40/2.
Switch# clear errdisable interface gigabitethernet4/0/2 vlan

You can verify your settings by entering the show errdisable detect privileged EXEC command.

Related Topics
Voice Aware 802.1x Security, on page 295

Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a new device when:
• a device connects to an 802.1x-enabled port
• the maximum number of allowed devices have been authenticated on the port

Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on the switch:

SUMMARY STEPS
1. configure terminal
2. aaa new-model
3. aaa authentication dot1x {default} method1
4. interface interface-id
5. switchport mode access
6. authentication violation {shutdown | restrict | protect | replace}
7. end
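An added example, not part of the Cisco guide: a Python check that reads a running-config and reports, for each 802.1x port, which violation mode is in effect and whether the prerequisites from the summary steps (aaa new-model, a dot1x method list, switchport mode access) are present. The sample configuration is constructed; treating "authentication port-control auto" as the marker of an 802.1x port, and shutdown as the mode in effect when none is configured, are assumptions.

```python
import re

# Constructed running-config excerpt (sample input, not taken from the guide).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 authentication violation restrict
!
interface GigabitEthernet1/0/2
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 authentication violation protect
!
interface GigabitEthernet1/0/4
 switchport mode access
"""

DEFAULT_MODE = "shutdown"  # assumption: mode in effect when none is configured


def audit_violation_modes(config):
    """Return (global_findings, {interface: (mode, findings)}) for 802.1x ports."""
    global_findings = []
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        global_findings.append("aaa new-model missing")
    if not re.search(r"^aaa authentication dot1x \S+ \S+", config, re.M):
        global_findings.append("aaa authentication dot1x method list missing")
    ports = {}
    # Each stanza is an "interface" header followed by its indented lines.
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        lines = [ln.strip() for ln in body.splitlines()]
        # Assumption: "authentication port-control auto" marks an 802.1x port.
        if "authentication port-control auto" not in lines:
            continue
        findings = []
        if "switchport mode access" not in lines:
            findings.append("switchport mode access missing")
        explicit = [ln.split()[-1] for ln in lines if ln.startswith("authentication violation ")]
        if not explicit:
            findings.append("no explicit violation mode, default applies")
        ports[name] = (explicit[-1] if explicit else DEFAULT_MODE, findings)
    return global_findings, ports
```

Ports that report the default are worth reviewing by hand, since an unset mode means nobody chose between shutting the port down, logging, or silently dropping the new device's traffic.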
OL-29048-01
