Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication

• You can re-enable individual VLANs by using the clear errdisable interface interface-id vlan [vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are enabled.

Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: errdisable detect cause security-violation shutdown vlan
Purpose: Shut down any VLAN on which a security violation error occurs.
Note: If the shutdown vlan keywords are not included, the entire port enters the error-disabled state and shuts down.

Step 3
Command: errdisable recovery cause security-violation
Purpose: (Optional) Enable automatic per-VLAN error recovery.

Step 4
Command: clear errdisable interface interface-id vlan [vlan-list]
Purpose: (Optional) Re-enable individual VLANs that have been error disabled.
• For interface-id specify the port on which to re-enable individual VLANs.
• (Optional) For vlan-list specify a list of VLANs to be re-enabled. If vlan-list is not specified, all VLANs are re-enabled.

Step 5
Command: shutdown
         no shutdown
Purpose: (Optional) Re-enable an error-disabled VLAN, and clear all error-disable indications.

Step 6
Command: end
Purpose: Return to privileged EXEC mode.

Step 7
Command: show errdisable detect
Purpose: Verify your entries.

Step 8
Command: copy running-config startup-config
Purpose: (Optional) Save your entries in the configuration file.

This example shows how to configure the switch to shut down any VLAN on which a security violation error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan

This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 4/0/2:
Switch# clear errdisable interface gigabitethernet4/0/2 vlan

You can verify your settings by entering the show errdisable detect privileged EXEC command.

Configuring 802.1x Violation Modes

Note: To configure violation modes, the switch must be running the LAN base image.

You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from a new device when:
• a device connects to an 802.1x-enabled port
• the maximum number of allowed devices have been authenticated on the port
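
An added example, not part of the Cisco guide: a Python check for the voice aware 802.1x steps above that reads a saved running-config and the Step 7 show errdisable detect output, then reports when a security violation would shut down the entire port, when automatic recovery is off, or when the two sources disagree. Both sample inputs are constructed, the function names are hypothetical, and the three-column layout of the show output is an assumption.

```python
import re

# Constructed sample inputs (not captured from a real switch).
SAMPLE_RUNNING_CONFIG = """\
!
errdisable detect cause security-violation shutdown vlan
errdisable recovery cause security-violation
!
"""
# Assumed layout of "show errdisable detect": reason, detection state, mode.
SAMPLE_SHOW_OUTPUT = """\
ErrDisable Reason            Detection    Mode
-----------------            ---------    ----
bpduguard                    Enabled      port
security-violation           Enabled      vlan
"""

# Anchored per line so indented or commented-out text does not match.
DETECT_VLAN = re.compile(
    r"^errdisable detect cause security-violation shutdown vlan\s*$", re.M)
RECOVERY = re.compile(r"^errdisable recovery cause security-violation\s*$", re.M)
SHOW_ROW = re.compile(r"^security-violation\s+\S+\s+(port|vlan)\s*$", re.M)


def audit_config(config_text):
    """Return (scope, auto_recovery) as configured in a running-config."""
    # Without the 'shutdown vlan' keywords the entire port is error-disabled.
    scope = "vlan" if DETECT_VLAN.search(config_text) else "port"
    return scope, bool(RECOVERY.search(config_text))


def operational_scope(show_text):
    """Return the Mode column for security-violation, or None if absent."""
    m = SHOW_ROW.search(show_text)
    return m.group(1) if m else None


def findings(config_text, show_text):
    """List the gaps between the guide's procedure and the switch state."""
    scope, auto_recovery = audit_config(config_text)
    out = []
    if scope == "port":
        out.append("violation shuts down the entire port; Step 2 needs 'shutdown vlan'")
    if not auto_recovery:
        out.append("no automatic recovery (Step 3); VLANs stay down until "
                   "'clear errdisable interface <interface-id> vlan'")
    seen = operational_scope(show_text)
    if seen is not None and seen != scope:
        out.append(f"running-config implies {scope} mode but show output reports {seen}")
    return out
```
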