49-74
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 49 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Switch(config-if)#
authentication port-control auto
Switch(config-if)#
end
Switch(config#
end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch#
configure terminal
Switch(config)#
interface fastethernet5/9
Switch(config-if)#
switchport access vlan 2
Switch(config-if)#
switchport mode access
Switch(config-if)#
switchport voice vlan 10
Switch(config-if)#
dot1x pae authenticator
Switch(config-if)#
dot1x port-control auto
Switch(config-if)#
end
Switch(config#
end
Switch#
Configuring Voice Aware 802.1x Security
You use the voice aware 802.1x security feature on the switch to disable only the VLAN on which a security violation occurs,
whether it is a data or voice VLAN. You can use this feature in IP phone deployments where a PC is connected to the IP phone.
A security violation found on the data VLAN results in the shutdown of only the data VLAN. The traffic on the voice VLAN
flows through the switch without interruption.
Follow these guidelines to configure voice aware 802.1x voice security on the switch:
•
You enable voice aware 802.1x security by entering the
errdisable detect cause security-violation shutdown vlan
global
configuration command. You disable voice aware 802.1x security by entering the
no
version of this command. This
command applies to all 802.1x-configured ports in the switch.
Note
If you do not include the
shutdown vlan
keywords, the entire port is shut down when it enters the
error-disabled state.
•
If you use the
errdisable recovery cause security-violation
global configuration command to configure error-disabled
recovery, the port is automatically re-enabled. If error-disabled recovery is not configured for the port, you re-enable it
with the
shutdown
and
no-shutdown
interface configuration commands.
•
You can re-enable individual VLANs with the
clear errdisable interface
interface-id
vlan
[
vlan-list
] privileged EXEC
command. If you do not specify a range, all VLANs on the port are enabled.
To enable voice aware 802.1x security, follow these steps, beginning in privileged EXEC mode:
Command
Purpose
Step 1
Switch#
configure terminal
Enters global configuration mode.
Step 2
Switch(config)#
errdisable detect
cause security-violation shutdown
vlan
Shuts down any VLAN on which a security violation error occurs.
Note
If the
shutdown vlan
keywords are not included, the entire port
enters the error-disabled state and shuts down.
Step 3
Switch(config)#
errdisable recovery
cause security-violation
(Optional) Enables automatic per-VLAN error recovery.
Step 4
Switch(config)#
errdisable recovery
interval
interval
(Optional) Sets a recovery interval (in sec). The
interval
range is 30 to
86400. The default is 300 sec.
Step 5
Switch(config)#
end
Enters exec mode.
Содержание Catalyst 4500 Series
Страница 2: ......
Страница 4: ......
Страница 2086: ...Index IN 46 Software Configuration Guide Release IOS XE 3 9 0E and IOS 15 2 5 E ...