10-59
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet1/0/2
Switch(config)# interface gigabitethernet0/2
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
Step 8 dot1x critical [recovery
action reinitialize | vlan
vlan-id]
Enable the inaccessible authentication bypass feature, and use these keywords to
configure the feature:
recovery action reinitialize—Enable the recovery feature, and specify that th e
recovery action is to authenticate the port when an authentication server is
available.
vlan vlan-id—Specify the access VLAN to which the switch can assign a
critical port. The range is from 1 to 4094.
Step 9 end Return to privileged EXEC mode.
Step 10 show authentication
interface interface-id
or
show dot1x interface
interface-id
(Optional) Verify your entries.
Step 11 copy running-config
startup-config
(Optional) Save your entries in the configuration file.
Command Purpose