DES-7200 Configuration Guide Chapter 4 802.1x Configuration
Command                                       Function
DES-7200# configure terminal                  Enter global configuration mode.
DES-7200(config)# interface <interface-id>    Enter interface configuration mode.
DES-7200(config-if)# dot1x critical           Configure Inaccessible Authentication Bypass.
DES-7200(config-if)# end                      Return to privileged mode.
DES-7200# show running-config                 Display all configurations.
The following example shows how to configure Inaccessible Authentication Bypass:
DES-7200# configure terminal
DES-7200(config)# interface fa 0/1
DES-7200(config-if)# dot1x port-control auto
DES-7200(config-if)# dot1x critical
Note
After IAB is enabled on the port and all servers become inaccessible:
1. IAB takes effect only if the globally configured 802.1x authentication method list contains only the RADIUS authentication method and all RADIUS servers have failed. If the list contains other authentication methods (such as local or none), IAB won't take effect.
2. After AAA multi-domain authentication is enabled globally, the globally configured authentication method list is not used during 802.1x user authentication. Because IAB lets the user pass authentication directly, without entering a username, once all RADIUS servers in the 802.1x authentication method list have failed, AAA multi-domain authentication will fail on this port.
3. IAB-authorized users won't send accounting requests to the accounting server.
4. Normally authenticated users are not affected and can still access the network.
5. When 802.1x IP authorization is enabled, if an authenticated user already exists on the port, other users on this port cannot be authenticated through IAB.
6. With the GSN address binding function enabled on the port, a user authenticated through IAB cannot access the network.
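IAB lets a port pass users without verifying identity when RADIUS is unreachable, so it is worth auditing which ports carry it. The following added example (not part of the guide) parses saved `show running-config` output, lists ports with `dot1x critical`, and checks the condition in Note 1. The sample config is constructed, and the `aaa authentication dot1x ...` line syntax is an assumption that does not appear on this page.

```python
import re

# Constructed sample of `show running-config` output (not from the guide).
# ASSUMPTION: the `aaa authentication dot1x ...` syntax is not shown on this
# page; adjust METHOD_RE to match what your device actually prints.
SAMPLE_CONFIG = """\
aaa authentication dot1x default group radius local
!
interface FastEthernet 0/1
 dot1x port-control auto
 dot1x critical
!
interface FastEthernet 0/2
 dot1x critical
!
interface FastEthernet 0/3
 dot1x port-control auto
!
"""

METHOD_RE = re.compile(r"^aaa authentication dot1x \S+ (.+)$")


def audit_iab(config_text):
    """Return (ports with IAB enabled, warnings) for one running-config dump."""
    methods, ports, current = None, {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = METHOD_RE.match(line)
        if m:
            # "group radius local" -> ["radius", "local"]
            methods = [w for w in m.group(1).split() if w != "group"]
            current = None
        elif line.startswith("interface "):
            current = line[len("interface "):].strip()
            ports[current] = set()
        elif current and line[:1].isspace():
            ports[current].add(line.strip())  # command inside the interface block
        else:
            current = None  # "!" or a global command ends the block
    iab_ports = sorted(p for p, cmds in ports.items() if "dot1x critical" in cmds)
    warnings = [f"{p}: dot1x critical without dot1x port-control auto"
                for p in iab_ports
                if "dot1x port-control auto" not in ports[p]]
    if iab_ports and methods != ["radius"]:
        warnings.append(f"802.1x method list is {methods or 'not found'}, "
                        "not RADIUS-only; per Note 1 IAB will not take effect")
    return iab_ports, warnings
```

Run `audit_iab()` on the text captured from each switch; every port it returns will admit users unauthenticated during a RADIUS outage.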
4.2.38 Configuring IAB Authentication with Switching VLAN
When an 802.1x controlled port enters the IAB state, it cannot verify the user's identity. You can assign this port to a specific VLAN and allow the user to access only the network resources on that VLAN.