Cisco Catalyst 3560-X Software Configuration Manual page 353
Hide thumbs
Also See for Catalyst 3560-X:
- Command reference manual (1188 pages) ,
- Software configuration manual (1438 pages) ,
- Manual (276 pages)
Table of Contents
Advertisement
Chapter 1
Configuring IEEE 802.1x Port-Based Authentication
Command
Step 5
dot1x critical {eapol | recovery
delay milliseconds}
Step 6
interface interface-id
Step 7
authentication event server
dead action {authorize |
reinitialize} vlan vlan-id]
Step 8
switchport voice vlan vlan-id
Step 9
authentication event server
dead action authorize voice
Step 10
end
Step 11
show authentication interface
interface-id
Step 12
copy running-config
startup-config
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To disable
inaccessible authentication bypass, use the no authentication event server dead action interface
configuration command. To disable critical voice VLAN, use the no authentication event server dead
action authorize voice interface configuration command.
This example shows how to configure the inaccessible authentication bypass and critical voice VLAN
features:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/0/1
Switch(config-if)# authentication event server dead action reinitialicze vlan 20
Switch(config-if)# switchport voice vlan
Switch(config-if)# authentication event server dead action authorize voice
Switch(config-if)# end
OL-25303-03
Purpose
(Optional) Configure the parameters for inaccessible authentication bypass:
eapol—Specify that the switch sends an EAPOL-Success message when the
switch successfully authenticates the critical port.
recovery delay milliseconds—Set the recovery delay period during which the
switch waits to re-initialize a critical port when a RADIUS server that was
unavailable becomes available. The range is from 1 to 10000 milliseconds. The
default is 1000 milliseconds (a port can be re-initialized every second).
Specify the port to be configured, and enter interface configuration mode. For the
supported port types, see the
section on page
1-39.
Use these keywords to move hosts on the port if the RADIUS server is
unreachable:
authorize–Move any new hosts trying to authenticate to the user-specified
•
critical VLAN.
reinitialize–Move all authorized hosts on the port to the user-specified
•
critical VLAN.
Specifies the voice VLAN for the port. The voice VLAN cannot be the same as
the critical data VLAN configured in Step 6.
Configures critical voice VLAN to move data traffic on the port to the voice
VLAN if the RADIUS server is unreachable.
Return to privileged EXEC mode.
(Optional) Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
Configuring 802.1x Authentication
"802.1x Authentication Configuration Guidelines"
1-65
Advertisement
Table of Contents
Troubleshooting
