Cisco Catalyst 4500 series Administration Manual page 1203

Chapter 46
Configuring 802.1X Port-Based Authentication
Step 3
Command:
  [Catalyst 4900M, Catalyst 4948E, Catalyst 4948E-F, Supervisor Engine 6-E, and Supervisor Engine 6L-E]
  Cisco IOS Release 12.2(50)SG and later
  [Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E]
  Cisco IOS Release 15.0(1)X and later
    Switch(config)# authentication critical recovery delay msec

  Cisco IOS Release 12.2(46)SG or earlier releases
    Switch(config)# dot1x critical recovery delay msec
Purpose:
  (Optional) Specifies a throttle rate for the reinitialization of critically
  authorized ports when the RADIUS server becomes available. The default
  throttle rate is 100 milliseconds. This means that 10 ports reinitialize per
  second.

Step 4
Command:
    Switch(config)# interface interface-id
Purpose:
  Specifies the port to be configured and enters interface configuration
  mode.

Step 5
Command:
    Switch(config-if)# switchport mode access
  or
    Switch(config-if)# switchport mode private-vlan host
Purpose:
  switchport mode access: Specifies a nontrunking, nontagged single VLAN
  Layer 2 interface.
  switchport mode private-vlan host: Specifies that the ports with a valid
  PVLAN trunk association become active host PVLAN trunk ports.

Step 6
Command:
    Switch(config-if)# dot1x pae authenticator
Purpose:
  Enables 802.1X authentication on the port with default parameters.
  Refer to the "Default 802.1X Configuration" section on page 46-30.

Step 7
Command:
    Switch(config-if)# authentication port-control auto
Purpose:
  Enables 802.1X authentication on the interface.

Step 8
Command:
  [Catalyst 4900M, Catalyst 4948E, Catalyst 4948E-F, Supervisor Engine 6-E, and Supervisor Engine 6L-E]
  Cisco IOS Release 12.2(50)SG and later
  [Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E]
  Cisco IOS Release 15.0(1)XO and later
    Switch(config-if)# authentication event server dead action authorize [vlan vlan-id]

  Cisco IOS Release 12.2(46)SG or earlier releases
    Switch(config-if)# dot1x critical

  or

  [Catalyst 4900M, Catalyst 4948E, Catalyst 4948E-F, Supervisor Engine 6-E, and Supervisor Engine 6L-E]
  Cisco IOS Release 15.0(2)SG and later
  [Supervisor Engine 7-E, Supervisor Engine 7L-E, Supervisor Engine 8-E]
  Cisco IOS Release XE 3.2.0SG and later
    Switch(config-if)# [no] authentication event server dead action reinitialize [vlan vlan-id]
Purpose:
  Enables the Inaccessible Authentication Bypass feature for data clients
  on the port and specifies a VLAN into which data clients are assigned. If
  no VLAN is specified, data clients are assigned into the configured data
  VLAN on the port.
  To disable the feature, use the
  no authentication event server dead action authorize vlan interface
  configuration command (for earlier releases, use the
  no dot1x critical interface configuration command).
  Alternatively, starting with Cisco IOS Release 15.0(2)SG you can enable
  Inaccessible Authentication Bypass for data clients using the
  authentication event server dead action reinitialize vlan interface
  configuration command, which forces all authorized data clients to be
  reauthenticated when RADIUS becomes unavailable and a client attempts
  to authenticate. This only applies to data devices. Voice devices are
  unaffected.
  To disable it, use the no authentication event server dead action
  reinitialize vlan interface configuration command.

Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
46-65
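An added example, not part of the Cisco guide: a Python check that reads a running-config and reports, for every port with authentication port-control auto, which Step 8 dead-server action is configured and the VLAN data clients are placed in, together with the Step 3 recovery delay. The sample configuration, interface names, VLAN IDs and the "data-vlan" label are constructed assumptions, and only the "authentication ..." forms of the interface commands are parsed.

```python
import re

# Constructed sample running-config, trimmed to the relevant lines
# (interface names and VLAN IDs are made up for this example).
SAMPLE_CONFIG = """\
authentication critical recovery delay 200
interface GigabitEthernet1/1
 switchport mode access
 dot1x pae authenticator
 authentication port-control auto
 authentication event server dead action authorize vlan 50
interface GigabitEthernet1/2
 authentication port-control auto
interface GigabitEthernet1/3
 authentication port-control auto
 authentication event server dead action reinitialize vlan 60
interface GigabitEthernet1/4
 authentication port-control auto
 authentication event server dead action authorize
interface GigabitEthernet1/5
 switchport mode access
"""

DELAY = re.compile(r"^(?:authentication|dot1x) critical recovery delay (\d+)\s*$", re.M)
DEAD = re.compile(r"authentication event server dead action (authorize|reinitialize)(?: vlan (\d+))?")

def audit(config):
    """Return (recovery_delay_ms, {interface: (dead_server_action, vlan)}) for 802.1X ports."""
    m = DELAY.search(config)
    delay = int(m.group(1)) if m else 100       # 100 ms is the documented default
    ports = {}
    # Split at every non-indented line so each stanza keeps only its own sub-commands.
    for block in re.split(r"^(?=\S)", config, flags=re.M):
        if not block.startswith("interface "):
            continue                             # global configuration, not a port
        head, *rest = block.splitlines()
        body = [line.strip() for line in rest]
        if "authentication port-control auto" not in body:
            continue                             # 802.1X is not enabled on this port
        action, vlan = "none", None              # no Inaccessible Authentication Bypass
        for line in body:
            m = DEAD.fullmatch(line)
            if m:                                # no VLAN given: the port's configured data VLAN
                action, vlan = m.group(1), m.group(2) or "data-vlan"
        ports[head.split()[1]] = (action, vlan)
    return delay, ports

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Ports reported with an action of authorize or reinitialize admit data clients without a RADIUS decision while the server is unreachable, so the VLAN shown for them is the one to review.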
