Table of Contents
Advertisement
Chapter 8
Configuring IEEE 802.1x Port-Based Authentication
Command
Step 5
dot1x critical {eapol | recovery delay
milliseconds}
Step 6
interface interface-id
Step 7
dot1x critical [recovery action
reinitialize | vlan vlan-id]
Step 8
end
Step 9
show dot1x [interface interface-id]
Step 10
copy running-config startup-config
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet0/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
OL-8915-03
Purpose
(Optional) Configure the parameters for inaccessible authentication
bypass:
eapol—Specify that the switch sends an EAPOL-Success message when
the switch successfully authenticates the critical port.
recovery delay milliseconds—Set the recovery delay period during
which the switch waits to re-initialize a critical port when a RADIUS
server that was unavailable becomes available. The range is from 1 to
10000 milliseconds. The default is 1000 milliseconds (a port can be
re-initialized every second).
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
Configuration Guidelines" section on page
Enable the inaccessible authentication bypass feature, and use these
keywords to configure the feature:
•
recovery action reinitialize—Enable the recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
vlan vlan-id—Specify the access VLAN to which the switch can
•
assign a critical port. The range is from 1 to 4094.
Return to privileged EXEC mode.
(Optional) Verify your entries.
(Optional) Save your entries in the configuration file.
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
Configuring IEEE 802.1x Authentication
"IEEE 802.1x Authentication
8-21.
8-37
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
