Cisco Catalyst 2960-X Security Configuration Manual page 354

Cisco IOS Release 15.0(2)EX
Configuring 802.1x Inaccessible Authentication Bypass with Critical Voice VLAN
(Purpose text continued from the preceding step)
RADIUS server. The key is a text string that must match the encryption key used on the RADIUS server.
Note: Always configure the key as the last item in the radius-server host command syntax because leading spaces are ignored, but spaces within and at the end of the key are used. If you use spaces in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key. This key must match the encryption used on the RADIUS daemon.
You can also configure the authentication and encryption key by using the radius-server key {0 string | 7 string | string} global configuration command.

Step 6
Command or Action: dot1x critical {eapol | recovery delay milliseconds}
Example:
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Purpose: (Optional) Configure the parameters for inaccessible authentication bypass:
• eapol—Specify that the switch sends an EAPOL-Success message when the switch successfully authenticates the critical port.
• recovery delay milliseconds—Set the recovery delay period during which the switch waits to re-initialize a critical port when a RADIUS server that was unavailable becomes available. The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).

Step 7
Command or Action: interface interface-id
Example:
Switch(config)# interface gigabitethernet 1/0/1
Purpose: Specify the port to be configured, and enter interface configuration mode.

Step 8
Command or Action: authentication event server dead action {authorize | reinitialize} vlan vlan-id
Example:
Switch(config-if)# authentication event server dead action reinitialize vlan 20
Purpose: Use these keywords to move hosts on the port if the RADIUS server is unreachable:
• authorize—Move any new hosts trying to authenticate to the user-specified critical VLAN.
• reinitialize—Move all authorized hosts on the port to the user-specified critical VLAN.

Step 9
Command or Action: switchport voice vlan vlan-id
Example:
Switch(config-if)# switchport voice vlan
Purpose: Specifies the voice VLAN for the port. The voice VLAN cannot be the same as the critical data VLAN configured in Step 6.

Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Configuring IEEE 802.1x Port-Based Authentication
OL-29048-01
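
The two constraints stated in Steps 6 through 9 (the recovery delay range of 1 to 10000 milliseconds, and the voice VLAN differing from the critical data VLAN) can be checked against a candidate configuration before it is pushed to a switch. The following is an added example, not part of the Cisco guide; the sample configuration, its VLAN IDs and the function name audit are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the guide); VLAN IDs are made up.
SAMPLE_CONFIG = """\
dot1x critical eapol
dot1x critical recovery delay 2000
!
interface GigabitEthernet1/0/1
 authentication event server dead action reinitialize vlan 20
 switchport voice vlan 30
!
interface GigabitEthernet1/0/2
 authentication event server dead action authorize vlan 20
 switchport voice vlan 20
!
"""

DELAY_RE = re.compile(r"dot1x critical recovery delay (\d+)$")
DEAD_RE = re.compile(
    r"authentication event server dead action (authorize|reinitialize) vlan (\d+)$")
VOICE_RE = re.compile(r"switchport voice vlan (\d+)$")


def audit(config):
    """Return (scope, message) findings for the limits stated in the procedure."""
    findings, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # any unindented line closes the stanza
            current = None
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            ports[current] = {}
        elif current is None and (m := DELAY_RE.match(line)):
            if not 1 <= int(m.group(1)) <= 10000:
                findings.append(
                    ("global", f"recovery delay {m.group(1)} ms outside 1-10000"))
        elif current and (m := DEAD_RE.match(line)):
            ports[current]["critical"] = int(m.group(2))
        elif current and (m := VOICE_RE.match(line)):
            ports[current]["voice"] = int(m.group(1))
    for name, p in ports.items():
        # Step 9: the voice VLAN must differ from the critical data VLAN.
        if "critical" in p and p.get("voice") == p["critical"]:
            findings.append((name, f"voice VLAN {p['voice']} equals critical data VLAN"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```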
