12-45
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 12 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring the Inaccessible Authentication Bypass Feature
You can configure the inaccessible bypass feature, also referred to as critical authentication or the AAA
fail policy.
Note
You must configure the RADIUS server parameters on the switch to monitor the RADIUS server state
(see the
“Configuring the Switch-to-RADIUS-Server Communication” section on page 12-34
). You
must also configure the idle time, dead time, and dead criteria.
If you do not configure these parameters, the switch prematurely changes the RADIUS server status to
dead.
Beginning in privileged EXEC mode, follow these steps to configure the port as a critical port and enable
the inaccessible authentication bypass feature. This procedure is optional.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
radius-server dead-criteria time
time
tries
tries
(Optional) Set the conditions that are used to decide when a RADIUS
server is considered unavailable or
dead
.
The range for
time
is from 1 to 120 seconds. The switch dynamically
determines the default
seconds
value that is 10 to 60 seconds.
The range for
tries
is from 1 to 100. The switch dynamically determines
the default
tries
parameter that is 10 to 100.
Step 3
radius-server deadtime
minutes
(Optional) Set the number of minutes that a RADIUS server is not sent
requests. The range is from 0 to 1440 minutes (24 hours). The default is
0 minutes.