10-42
Catalyst 3750 SwitchSoftware Configuration Guide
OL-8550-09
Chapter10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:
This example shows how to configure the switch to shut down any VLAN on which a security violation
error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 4/0/2.
Switch# clear errdisable interface gigabitethernet4/0/2 vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Configuring 802.1x Violation Modes
You can configure an 802.1x port so that it shuts down, generates a syslog error, or discards packets from
a new device when:
a device connects to an 802.1x-enabled port
the maximum number of allowed about devices have been authenticated on the port
Beginning in privileged EXEC mode, follow these steps to configure the security violation actions on
the switch:
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 errdisable detect cause
security-violation shutdown vlan
Shut down any VLAN on which a security violation error occurs.
Note If the shutdown vlan keywords are not included, the entire port
enters the error-disabled state and shuts down.
Step3 errdisable recovery cause
security-violation
(Optional) Enable automatic per-VLAN error recovery.
Step4 clear errdisable interface interface-id
vlan [vlan-list]
(Optional) Reenable individual VLANs that have been error disabled.
For interface-id specify the port on which to reenable individual
VLANs.
(Optional) For vlan-list specify a list of VLANs to be re-enabled. If
vlan-list is not specified, all VLANs are re-enabled.
Step5 shutdown
no-shutdown
(Optional) Re-enable an error-disabled VLAN, and clear all error-disable
indications.
Step6 end Return to privileged EXEC mode.
Step7 show errdisable detect Verify your entries.
Step8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 aaa new-model Enable AAA.