Configuring A Restricted Vlan - Cisco Catalyst 2960-X Security Configuration Manual

Configuring a Restricted VLAN

Command or Action
Step 2
interface interface-id
Example:
Switch(config)# interface gigabitethernet2/0/2
Step 3 Use one of the following:
• switchport mode access
• switchport mode private-vlan host
Example:
Switch(config-if)# switchport mode private-vlan
host
Step 4
authentication event no-response action authorize vlan
vlan-id
Example:
Switch(config-if)# authentication event
no-response action authorize vlan 2
Step 5
end
Example:
Switch(config-if)# end
Configuring a Restricted VLAN
When you configure a restricted VLAN on a switch stack or a switch, clients that are IEEE 802.1x-compliant
are moved into the restricted VLAN when the authentication server does not receive a valid username and
password. The switch supports restricted VLANs only in single-host mode.
Beginning in privileged EXEC mode, follow these steps to configure a restricted VLAN. This procedure is
optional.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
324
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Specifies the port to be configured, and enter interface
configuration mode.
• Sets the port to access mode.
• Configures the Layer 2 port as a private-VLAN host
port.
Specifies an active VLAN as an 802.1x guest VLAN. The
range is 1 to 4094.
You can configure any active VLAN except an internal
VLAN (routed port), an RSPAN VLAN or a voice VLAN
as an 802.1x guest VLAN.
Returns to privileged EXEC mode.
OL-29048-01