Cisco Systems 3560 ユーザーズマニュアル
10-51
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To return to the RADIUS server default settings, use the no radius-server dead-criteria, the no
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
radius-server deadtime, and the no radius-server host global configuration commands. To return to
the default settings of inaccessible authentication bypass, use the no dot1x critical {eapol | recovery
delay} global configuration command. To disable inaccessible authentication bypass, use the no dot1x
critical interface configuration command.
This example shows how to configure the inaccessible authentication bypass feature:
Switch(config)# radius-server dead-criteria time 30 tries 20
Switch(config)# radius-server deadtime 60
Switch(config)# radius-server host 1.1.1.2 acct-port 1550 auth-port 1560 test username
user1 idle-time 30 key abc1234
Switch(config)# dot1x critical eapol
Switch(config)# dot1x critical recovery delay 2000
Switch(config)# interface gigabitethernet 0/1
Switch(config)# radius-server deadtime 60
Switch(config-if)# dot1x critical
Switch(config-if)# dot1x critical recovery action reinitialize
Switch(config-if)# dot1x critical vlan 20
Switch(config-if)# end
Configuring 802.1x Authentication with WoL
Beginning in privileged EXEC mode, follow these steps to enable 802.1x authentication with WoL. This
procedure is optional.
procedure is optional.
Step 7
dot1x critical [recovery action
reinitialize | vlan vlan-id]
reinitialize | vlan vlan-id]
Enable the inaccessible authentication bypass feature, and use these
keywords to configure the feature:
keywords to configure the feature:
•
recovery action reinitialize—Enable the recovery feature, and
specify that the recovery action is to authenticate the port when an
authentication server is available.
specify that the recovery action is to authenticate the port when an
authentication server is available.
•
vlan vlan-id—Specify the access VLAN to which the switch can
assign a critical port. The range is from 1 to 4094.
assign a critical port. The range is from 1 to 4094.
Step 8
end
Return to privileged EXEC mode.
Step 9
show authentication interface
interface-id
interface-id
or
show dot1x interface interface-id
(Optional) Verify your entries.
Step 10
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface interface-id
Specify the port to be configured, and enter interface configuration mode.
For the supported port types, see the
For the supported port types, see the