Re: 802.1x port config - monitoring mode to off

scottmanzie1 · ‎04-25-2019

Hi

In an example like this, in monitoring mode

user port configuration...What would be the correct way to strip the port of the config. I'm going to assume no in front of each line is wrong. That was tried with an end user, on one attempt the user was fine, on the other they were kicked off the network. Aware monitoring mode doesn't block you but not sure on correct procedure to remove (the right way) from a port

authentication control-direction in
authentication event fail action next-method
authentication event server dead action reinitialize vlan 301
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication open
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3

thanks

jafrazie · ‎04-25-2019

Do you mean something like this?

https://community.cisco.com/t5/switching/setting-an-interface-back-to-defaults/td-p/1866978

scottmanzie1 · ‎04-25-2019

Hi

No, as that command completely strips the port of all config

I mean only removing the config relevant to dot1x/authentication etc

The other config on the switch port such as vlan, voice vlan, qos etc was to be left

The method of putting no in front of all the lines in the original post was tried, and it had varied results

thanks

jafrazie · ‎04-25-2019

[authentication port-control force-authorized]

This will set 1X state-machine to force-authorized. 1X will still be operational, but never transition out of this state. Is this what you're wanting to do?