Command or Action
Step 3
Use one of the following:
• switchport mode access
• switchport mode private-vlan host
Example:
Switch(config-if)# switchport mode access
Step 4
authentication port-control auto
Example:
Switch(config-if)# authentication port-control
auto
Step 5
authentication event fail action authorize vlan vlan-id
Example:
Switch(config-if)# authentication event fail
action authorize vlan 2
Step 6
end
Example:
Switch(config-if)# end
Configuring Number of Authentication Attempts on a Restricted VLAN
You can configure the maximum number of authentication attempts allowed before a user is assigned to the
restricted VLAN by using the authentication event retry retry count interface configuration command. The
range of allowable authentication attempts is 1 to 3. The default is 3 attempts.
Beginning in privileged EXEC mode, follow these steps to configure the maximum number of allowed
authentication attempts. This procedure is optional.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure 802.1x Port-Based Authentication
Purpose
• Sets the port to access mode.
• Configures the Layer 2 port as a private-VLAN host
port.
Enables 802.1x authentication on the port.
Specifies an active VLAN as an 802.1x restricted VLAN.
The range is 1 to 4094.
You can configure any active VLAN except an internal
VLAN (routed port), an RSPAN VLAN or a voice VLAN
as an 802.1x restricted VLAN.
Returns to privileged EXEC mode.
1381