Cisco Systems 3560 사용자 설명서

To return to the default value, use the no dot1x auth-fail max-attempts interface configuration 
command.

This example shows how to set 2 as the number of authentication attempts allowed before the port moves 
to the restricted VLAN:

Switch(config-if)# dot1x auth-fail max-attempts 2

You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA 
fail policy.

You must configure the RADIUS server parameters on the switch to monitor the RADIUS server state 
(see the 

). You 

must also configure the idle time, dead time, and dead criteria. 

 

 
If you do not configure these parameters, the switch prematurely changes the RADIUS server status to 
dead. 

Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable 
the inaccessible authentication bypass feature. This procedure is optional.

dot1x auth-fail max-attempts max 
attempts

Specify a number of authentication attempts to allow before a port moves 
to the restricted VLAN. The range is 1 to 3, and the default is 3.

Return to privileged EXEC mode.

show authentication interface-id

or 

show dot1x interface interface-id

(Optional) Verify your entries.

(Optional) Save your entries in the configuration file.

Enter global configuration mode.

radius-server dead-criteria time time 
tries tries

(Optional) Set the conditions that are used to decide when a RADIUS 
server is considered unavailable or dead. 

The range for time is from 1 to 120 seconds. The switch dynamically 
determines the default seconds value that is 10 to 60 seconds.

The range for tries is from 1 to 100. The switch dynamically determines 
the default tries parameter that is 10 to 100.

radius-server deadtime minutes

(Optional) Set the number of minutes that a RADIUS server is not sent 
requests. The range is from 0 to 1440 minutes (24 hours). The default is 
0 minutes.