How to Configure 802.1x Port-Based Authentication
Command or Action
Step 9
switchport voice vlan vlan-id
Example:
Switch(config-if)# switchport voice
vlan
Step 10
authentication event server dead action
authorize voice
Example:
Switch(config-if)#
event server dead action
authorize voice
Step 11
show authentication interface interface-id
Example:
Switch(config-if)#
authentication interface gigabit 1/0/1
Step 12
copy running-config startup-config
Example:
Switch(config-if)#
running-config startup-config
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no radius-server
deadtime, and the no radius-server host global configuration commands. To disable inaccessible authentication
bypass, use the no authentication event server dead action interface configuration command. To disable
critical voice VLAN, use the no authentication event server dead action authorize voice interface
configuration command.
Example of Configuring Inaccessible Authentication Bypass
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username user1
idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 1/0/1
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1386
Purpose
Specifies the voice VLAN for the port. The voice VLAN cannot be the
same as the critical data VLAN configured in Step 6.
Configures critical voice VLAN to move data traffic on the port to the
voice VLAN if the RADIUS server is unreachable.
authentication
(Optional) Verify your entries.
do show
(Optional) Verify your entries.
do copy