Configuring IEEE 802.1x Authentication
Command
Step 7
dot1x critical [recovery action
reinitialize | vlan vlan-id]
Step 8
end
Step 9
show dot1x [interface interface-id]
Step 10
copy running-config startup-config
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
Configuring IEEE 802.1x Authentication with WoL
Beginning in privileged EXEC mode, follow these steps to enable IEEE 802.1x authentication with WoL.
This procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
dot1x control-direction {both | in}
Cisco IE 3000 Switch Software Configuration Guide
10-36
Chapter 10
Purpose
Enable the inaccessible authentication bypass feature, and use these
keywords to configure the feature:
•
recovery action reinitialize—Enable the recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
vlan vlan-id—Specify the access VLAN to which the switch can
•
assign a critical port. The range is from 1 to 4094.
Return to privileged EXEC mode.
(Optional) Verify your entries.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
Configuration Guidelines" section on page
Enable IEEE 802.1x authentication with WoL on the port, and use these
keywords to configure the port as bidirectional or unidirectional.
both—Sets the port as bidirectional. The port cannot receive packets
•
from or send packets to the host. By default, the port is bidirectional.
in—Sets the port as unidirectional. The port can send packets to the
•
host but cannot receive packets from the host.
Configuring IEEE 802.1x Port-Based Authentication
"IEEE 802.1x Authentication
10-20.
OL-13018-01