10-39
Cisco IE 3010 Switch Software Configuration Guide
OL-23145-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:
This example shows how to configure the switch to shut down any VLAN on which a security violat ion
error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disable d.
Switch# clear errdisable interface gigabitethernet0/2 vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from
a new device when:
a device connects to an 802.1x-enabled port
the maximum number of allowed about devices have been authenticated on the port
Beginning in privileged EXEC mode, follow these steps to configure the securi ty violation actions on
the switch:
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 errdisable detect cause
security-violation shutdown vlan
Shut down any VLAN on which a security violation error occurs.
Note If the shutdown vlan keywords are not included, the entire port
enters the error-disabled state and shuts down.
Step 3 errdisable recovery cause
security-violation
(Optional) Enable automatic per-VLAN error recovery.
Step 4 clear errdisable interface interface-id
vlan [vlan-list]
(Optional) Reenable individual VLANs that have been error disabled.
For interface-id specify the port on which to reenable individual
VLANs.
(Optional) For vlan-list specify a list of VLANs to be re-enabled. If
vlan-list is not specified, all VLANs are re-enabled.
Step 5 shutdown
no-shutdown
(Optional) Re-enable an error-disabled VLAN, and clear all error-disable
indications.
Step 6 end Return to privileged EXEC mode.
Step 7 show errdisable detect Verify your entries.
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 aaa new-model Enable AAA.