topic Hi crni00000 in Network Access Control

Dot1x inaccessible authentication bypass

Michael Ly — Mon, 11 Mar 2019 07:47:50 GMT

Hi there

Wondering if someone could help me out here i'm trying to configure inaccessible authentication bypass on a 2960-x switch but does not seem to be listing the "server" option, do I have to enter a command to enable this option?

Current image running: c2960x-universalk9-mz.152-5b.E.bin

(config-if)#authentication event ?
fail Configure failed authentication actions/parameters
no-response Configure non-responsive host actions

Any help would be greatly appreciated.

To move unauthenticated hosts

Predrag Jovic — Mon, 19 Jun 2017 13:47:38 GMT

To move unauthenticated hosts to specific VLAN (e.g 100):

interface Gi1/0/x

authentication port-control auto

authentication event fail action authorize vlan 100

authentication event no-response action authorize vlan 100

For more information, you can check link

IEEE 802.1X Auth Fail VLAN

Hi crni00000

Michael Ly — Mon, 19 Jun 2017 23:53:34 GMT

Hi crni00000

Thanks for your reply, i'd like to authorize a vlan in the event when the RADIUS server is no longer contactable and a critical vlan is configured. I've had a look at another 2960-x switch on our network and it does give the "server" option

(config-if)#authentication event ?
fail Configure failed authentication actions/parameters
no-response Configure non-responsive host actions
server Configure actions for AAA server events

Image version: c2960x-universalk9-mz.150-2a.EX5.bin

Any ideas? Only difference is that this one is a WS-2960x-48TD-L and the other i am trying to configure is a Cisco Catalyst 2960X-48TS-L

Command should be available.

Predrag Jovic — Tue, 20 Jun 2017 04:13:38 GMT

Command should be available. It could be IOS bug similar to CSCuq62682, although 2960-X is not listed here.

Try to upgrade IOS version.