Cisco Systems 3560 Manual De Usuario

To disable MAC authentication bypass, use the no dot1x mac-auth-bypass interface configuration 
command. 

This example shows how to enable MAC authentication bypass:

Switch(config-if)# dot1x mac-auth-bypass

You can configure NAC Layer 2 802.1x validation, which is also referred to as 802.1x authentication 
with a RADIUS server.

Beginning in privileged EXEC mode, follow these steps to configure NAC Layer 2 802.1x validation. 
The procedure is optional.

dot1x mac-auth-bypass [eap | timeout 
activity {value}]

Enable MAC authentication bypass.

(Optional) Use the eap keyword to configure the switch to use EAP for 
authorization.

(Optional) Use the timeout activity keywords to configured the number 
of seconds that a connected host can be inactive before it is placed in an 
unauthorized state. The range is 1 to 65535. 

You must enable port security before configuring a time out value. For 
more information, see the 

.

Return to privileged EXEC mode.

show authentication interface-id

or 

show dot1x interface interface-id

Verify your entries.

(Optional) Save your entries in the configuration file.

Enter global configuration mode.

interface interface-id

Specify the port to be configured, and enter interface configuration mode.

dot1x guest-vlan vlan-id

Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to 
4094.

You can configure any active VLAN except an internal VLAN (routed 
port), an RSPAN VLAN, or a voice VLAN as an 802.1x guest VLAN.

or 

Enable periodic re-authentication of the client, which is disabled by 
default.