Cisco Catalyst 3750-X Software Configuration Manual page 345

Chapter 11
Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Catalyst 3750-X and 3560-X Switch Software Configuration Guide, OL-21521-01, page 11-55

Step 5
Command: dot1x critical {eapol | recovery delay milliseconds}
Purpose: (Optional) Configure the parameters for inaccessible authentication bypass:
  eapol—Specify that the switch sends an EAPOL-Success message when the switch successfully authenticates the critical port.
  recovery delay milliseconds—Set the recovery delay period during which the switch waits to re-initialize a critical port when a RADIUS server that was unavailable becomes available. The range is from 1 to 10000 milliseconds. The default is 1000 milliseconds (a port can be re-initialized every second).

Step 6
Command: interface interface-id
Purpose: Specify the port to be configured, and enter interface configuration mode. For the supported port types, see the "802.1x Authentication Configuration Guidelines" section on page 11-36.

Step 7
Command: authentication event server dead action [authorize | reinitialize] vlan vlan-id
Purpose: Use these keywords to move hosts on the port if the RADIUS server is unreachable:
  authorize–Move any new hosts trying to authenticate to the user-specified critical VLAN.
  reinitialize–Move all authorized hosts on the port to the user-specified critical VLAN.

Step 8
Command: dot1x critical [recovery action reinitialize | vlan vlan-id]
Purpose: Enable the inaccessible authentication bypass feature, and use these keywords to configure the feature:
  recovery action reinitialize—Enable the recovery feature, and specify that the recovery action is to authenticate the port when an authentication server is available.
  vlan vlan-id—Specify the access VLAN to which the switch can assign a critical port. The range is from 1 to 4094.

Step 9
Command: end
Purpose: Return to privileged EXEC mode.

Step 10
Command: show authentication interface-id
  or
  show dot1x [interface interface-id]
Purpose: (Optional) Verify your entries.

Step 11
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no radius-server deadtime, and the no radius-server host global configuration commands. To return to the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x critical interface configuration command.

This example shows how to configure the inaccessible authentication bypass feature:

Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/0/1
Switch(config)# radius-server deadtime 60
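Because inaccessible authentication bypass admits hosts without a RADIUS decision, it is worth knowing which ports have it enabled and which critical VLAN they use. The following is an added example, not part of the Cisco manual: a Python audit of a saved running-config that uses the interface commands from Steps 7 and 8. The sample configuration, the VLAN numbers, the function names and the idea of a site-defined set of "restricted" VLANs are assumptions made for illustration.

```python
import re

# Constructed sample running-config (not from the manual); VLAN ids are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x critical
 dot1x critical recovery action reinitialize
 dot1x critical vlan 10
!
interface GigabitEthernet1/0/2
 authentication event server dead action authorize vlan 999
!
interface GigabitEthernet1/0/3
 dot1x critical
!
interface GigabitEthernet1/0/4
 switchport access vlan 10
"""

BYPASS = ("dot1x critical", "authentication event server dead action")
CRITICAL_VLAN = re.compile(  # both command forms on this page that name a VLAN
    r"(?:dot1x critical|authentication event server dead action"
    r"(?: authorize| reinitialize)?) vlan (\d+)$")

def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_critical_auth(config, restricted_vlans):
    """Return {interface: (status, critical_vlans)} for ports with bypass enabled."""
    report = {}
    for name, cmds in interface_blocks(config).items():
        if not any(c.startswith(BYPASS) for c in cmds):
            continue  # bypass not configured on this port
        vlans = sorted({int(m[1]) for c in cmds if (m := CRITICAL_VLAN.match(c))})
        status = ("no-critical-vlan" if not vlans else
                  "restricted" if set(vlans) <= set(restricted_vlans) else "review")
        report[name] = (status, vlans)
    return report
```

Calling `audit_critical_auth(SAMPLE_CONFIG, {999})` marks a port as `review` when its critical VLAN is outside the restricted set passed in, so those ports can be checked against the site's VLAN policy.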