Configuring The Inaccessible Authentication Bypass Feature - Cisco Catalyst 2960-XR Security Configuration Manual

Configuring the Inaccessible Authentication Bypass Feature

Command or Action
Step 7
end
Example:
Switch(config-if)# end
Configuring the Inaccessible Authentication Bypass Feature
You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA fail
policy.
Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable the
inaccessible authentication bypass feature. This procedure is optional.
SUMMARY STEPS
1. configure terminal
2. radius-server dead-criteria time time tries tries
3. radius-server deadtime minutes
4. radius-server host ip-address [acct-port udp-port] [auth-port udp-port][ test username name [idle-time
time] [ignore-acct-port] [ignore-auth-port]] [key string]
5. dot1x critical {eapol | recovery delay milliseconds}
6. interface interface-id
7. authentication event server dead action {authorize | reinitialize} vlan vlan-id]
8. dot1x critical [recovery action reinitialize | vlan vlan-id]
9. end
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
Switch# configure terminal
Step 2 radius-server dead-criteria time time
tries tries
Example:
Switch(config)# radius-server
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
274
Purpose
Returns to privileged EXEC mode.
Purpose
Enters the global configuration mode.
(Optional) Sets the conditions that are used to decide when a RADIUS server
is considered unavailable or dead.
The range for time is from 1 to 120 seconds. The switch dynamically determines
the default seconds value that is 10 to 60 seconds.
Configuring IEEE 802.1x Port-Based Authentication
OL-29434-01