Provision In High Impact Mode - Cisco Catalyst 3850 Manual
Hide thumbs
Also See for Catalyst 3850:
- Hardware installation manual (146 pages) ,
- Deployment manual (54 pages) ,
- Command reference manual (40 pages)
Table of Contents
Advertisement
Access Control on the Wired Network
Provision in High-Impact Mode
The final deployment phase of securing your wired network is high-impact mode.
This phase goes beyond low-impact mode and provisions tight access control on the network port by
configuring the default IEEE 802.1x authentication mode with dynamic VLAN for differentiated access.
Step 12
Configure multi-authentication host mode, and open authentication.
authentication host-mode multi-auth
authentication open
Disable RADIUS for this deployment phase.
Step 13
High-impact mode provides no network access to devices and users that fail authentication. In monitor
mode and low-impact mode, we recommend that you identify and resolve the devices and user accounts
that have failed authentication. Transition to high-impact mode when you are confident that end devices
(that need network access) authenticate successfully, and authentication fails for devices and users that
do not need access.
Begin in global configuration mode.
interface
no authentication open
Step 14
Assign critical VLAN assignments for situations where the authentication server is unavailable.
The following command is used to configure a port to send both new and existing hosts to the critical
VLAN when the RADIUS server is unavailable. Use this command for ports in multiple authentication
(multiauth) mode or if the voice domain of the port is in MDA mode.
authentication event server dead action authorize vlan
If the authentication server does not respond, authorize voice.
Step 15
authentication dead action authorize voice
GigabitEthernet 1/0/1-1/0/24
Best Practice User Guide for the Catalyst 3850 and Catalyst 3650 Switch Series
Securing Access Using 802.1x on a wired LAN
20
73
Hide quick links:
Advertisement
Table of Contents
