10-56
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To disable and remove the restricted VLAN, use the no dot1x auth-fail vlan interface configuration
command. The port returns to the unauthorized state.
This example shows how to enable VLAN 2 as an 802.1x restricted VLAN:
Switch(config-if)# dot1x auth-fail vlan 2
You can configure the maximum number of authentication attempts allowed before a user is assigned to
the restricted VLAN by using the dot1x auth-fail max-attempts interface configuration command. The
range of allowable authentication attempts is 1 to 3. The default is 3 attempts.
Beginning in privileged EXEC mode, follow these steps to configure the maximum numbe r of allowed
authentication attempts. This procedure is optional.
To return to the default value, use the no dot1x auth-fail max-attempts interface configuration
command.
Step 7 show authentication interface-id
or
show dot1x interface interface-id
(Optional) Verify your entries.
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the “802.1x Authentication
Configuration Guidelines” section on page 10-38.
Step 3 switchport mode access Set the port to access mode.
Step 4 authentication port-control auto
or
dot1x port-control auto
Enable 802.1x authentication on the port.
Step 5 dot1x auth-fail vlan vlan-id Specify an active VLAN as an 802.1x restricted VLAN. The range is
1 to 4094.
You can configure any active VLAN except an RSPAN VLAN or a voice
VLAN as an 802.1x restricted VLAN.
Step 6 dot1x auth-fail max-attempts max
attempts
Specify a number of authentication attempts to allow before a port moves
to the restricted VLAN. The range is 1 to 3, and the default is 3.
Step 7 end Return to privileged EXEC mode.
Step 8 show authentication interface-id
or
show dot1x interface interface-id
(Optional) Verify your entries.
Step 9 copy running-config startup-config (Optional) Save your entries in the configuration file.