Cisco Systems 3560 Frozen Dessert Maker User Manual

Open as PDF

of 1288

10-49

Catalyst 3560 Switch Software Configuration Guide

OL-8553-06

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

To return to the default value, use the no dot1x auth-fail max-attempts interface configuration

command.

This example shows how to set 2 as the number of authentication attempts allowed before the port moves

to the restricted VLAN:

Switch(config-if)# dot1x auth-fail max-attempts 2

Configuring the Inaccessible Authentication Bypass Feature

You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA

fail policy.

Note You must configure the RADIUS server parameters on the switch to monitor the RADIUS server state

(see the

“Configuring the Switch-to-RADIUS-Server Communication” section on page 10-38). You

must also configure the idle time, dead time, and dead criteria.

If you do not configure these parameters, the switch prematurely changes the RADIUS server status to

dead.

Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable

the inaccessible authentication bypass feature. This procedure is optional.

Step 6

dot1x auth-fail max-attempts max

attempts

Specify a number of authentication attempts to allow before a port moves

to the restricted VLAN. The range is 1 to 3, and the default is 3.

Step 7

end Return to privileged EXEC mode.

Step 8

show authentication interface-id

show dot1x interface interface-id

(Optional) Verify your entries.

Step 9

copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

radius-server dead-criteria time time

tries tries

(Optional) Set the conditions that are used to decide when a RADIUS

server is considered unavailable or dead.

The range for time is from 1 to 120 seconds. The switch dynamically

determines the default seconds value that is 10 to 60 seconds.

The range for tries is from 1 to 100. The switch dynamically determines

the default tries parameter that is 10 to 100.

Step 3

radius-server deadtime minutes (Optional) Set the number of minutes that a RADIUS server is not sent

requests. The range is from 0 to 1440 minutes (24 hours). The default is

0 minutes.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems 3560 Frozen Dessert Maker User Manual