Cisco Systems 2960 Benutzerhandbuch
10-42
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
•
If you use the errdisable recovery cause security-violation global configuration command to
configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is
not configured for the port, you re-enable it by using the shutdown and no-shutdown interface
configuration commands.
configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is
not configured for the port, you re-enable it by using the shutdown and no-shutdown interface
configuration commands.
•
You can re-enable individual VLANs by using the clear errdisable interface interface-id
vlan
[vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are
enabled.
enabled.
Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:
This example shows how to configure the switch to shut down any VLAN on which a security violation
error occurs:
error occurs:
Switch(config)# errdisable detect cause security-violation shutdown vlan
This example shows how to re-enable all VLANs that were error disabled on port Gigabit Ethernet 0/2.
Switch# clear errdisable interface gigabitethernet0/2 vlan
You can verify your settings by entering the show errdisable detect privileged EXEC command.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
errdisable detect cause
security-violation shutdown vlan
security-violation shutdown vlan
Shut down any VLAN on which a security violation error occurs.
Note
If the shutdown vlan keywords are not included, the entire port
enters the error-disabled state and shuts down.
enters the error-disabled state and shuts down.
Step 3
errdisable recovery cause
security-violation
security-violation
(Optional) Enable automatic per-VLAN error recovery.
Step 4
clear errdisable interface interface-id
vlan
[vlan-list]
(Optional) Reenable individual VLANs that have been error disabled.
•
For interface-id specify the port on which to reenable individual
VLANs.
VLANs.
•
(Optional) For vlan-list specify a list of VLANs to be re-enabled. If
vlan-list is not specified, all VLANs are re-enabled.
vlan-list is not specified, all VLANs are re-enabled.
Step 5
shutdown
no-shutdown
(Optional) Re-enable an error-disabled VLAN, and clear all error-disable
indications.
indications.
Step 6
end
Return to privileged EXEC mode.
Step 7
show errdisable detect
Verify your entries.
Step 8
copy running-config startup-config
(Optional) Save your entries in the configuration file.