09-14-2014 07:06 PM - edited 03-10-2019 10:01 PM
Hi,
Need help to understand "authentication event server dead" on interface configuration of the IOS.
I found this applies globally, I mean this condition is triggered if all radius servers are dead.
What if we want to make this condition for only one group of radius?
BR
Tomi
09-15-2014 05:36 PM
The command is used to configure action(s) that will be taken for ports configured for authentication in the event when all Radius servers become unavailable. For instance:
authentication event server dead action authorize vlan 55
authentication event server alive action reinitialize
With the above syntax, the configured port will be authorized/fail-open to VLAN 55 if/when the globally configured Radius servers become unavailable. Once the server(s) become available again all of the configured ports will be re-initialized, thus forcing them to perform regular dot1x/mab authentication.
The command is configured per-port and cannot be tied to a set of Radius servers. The radius servers used are configured under your global aaa commands.
Hope this helps
Thank you for rating helpful posts!
05-15-2016 01:23 AM
Hi Neno,
One small query here.
Now the command also gives <cr> on
authentication event server dead action authorize ?
So if I do not specify any VLAN, what happens then?
Thanks,
Nick
04-27-2018 02:08 AM
Hi,
What would happen in this scenario?
Access port configured into VLAN50 "switchport access vlan 50" but the radius server dead configuration "authentication event server dead action vlan 10". VLAN 10 does not exist on the switch however, only VLAN 50.
I've come across this config and it seemed to cause a problem, I'm just trying to find out why. This was the issue. ISE went unreachable from local switch. Only phones on the switch stayed authenticated. The PCs dropped off the network.
When ISE came back up the PCs still didn't authenticate correctly. On ISE we saw the users as authenticated. But on the switchport, they were showing in an unknown state "show authentication sessions". Bouncing the port caused the users to re-authenticate, but still the port stayed in unknown state. The only workaround was to remove the authentication event server dead action vlan 10 and then bounce the port.
So I am trying to work out why this config may have caused this issue? Any ideas?
Thanks
09-16-2014 04:24 AM
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html#wp1274284
The link explains the following command:
authentication event server dead action {authorize | reinitialize} vlan vlan-id
This is an interface-level command.
07-15-2021 03:05 PM - edited 07-15-2021 03:06 PM
Hi,
This is critical auth for multi-domain:
switchport mode access
switchport access vlan <X>
authentication host-mode multi-domain
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
No need to specify the VLAN. It is the access port VLAN.
This is critical auth for multi-auth:
switchport access vlan <X>
switchport mode access
authentication host-mode multi-auth
authentication event server dead action reinitialize vlan <X>
authentication event server dead action authorize voice
authentication event server alive action reinitialize
Please check your switchport config.
BR,
Octavian
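
An added example, not part of any post in this thread: a small Python audit over IOS-style config text that flags ports whose "server dead" action names a VLAN that is not defined on the switch (the situation described in the 04-27-2018 post) and ports that have a dead action but no "server alive action reinitialize". The sample config, the function name audit() and the assumption that VLANs appear as single "vlan N" lines in the audited text are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device). VLAN 10 is deliberately absent.
SAMPLE_CONFIG = """\
vlan 50
 name USERS
!
interface GigabitEthernet1/0/1
 switchport access vlan 50
 switchport mode access
 authentication event server dead action authorize vlan 10
!
interface GigabitEthernet1/0/2
 switchport access vlan 50
 switchport mode access
 authentication host-mode multi-auth
 authentication event server dead action reinitialize vlan 50
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
"""

DEAD_RE = re.compile(r"^authentication event server dead action "
                     r"(authorize|reinitialize)(?: vlan (\d+))?$")
ALIVE = "authentication event server alive action reinitialize"

def audit(config):
    """Return a sorted list of (interface, finding) tuples."""
    vlans, ports, current = set(), {}, None
    for raw in config.splitlines():
        if m := re.match(r"^vlan (\d+)$", raw):    # single-VLAN definitions only
            vlans.add(int(m.group(1)))
            current = None
        elif raw.startswith("interface "):
            current = ports.setdefault(raw.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())            # sub-command of the interface
        else:
            current = None                         # "!" or another global line
    findings = []
    for name, lines in ports.items():
        dead = [m for m in map(DEAD_RE.match, lines) if m]
        for m in dead:
            if m.group(2) and int(m.group(2)) not in vlans:
                findings.append((name, f"critical VLAN {m.group(2)} not defined"))
        if dead and ALIVE not in lines:
            findings.append((name, "no 'server alive action reinitialize'"))
    return sorted(findings)
```

On a switch whose VLAN database is not shown in the running config, the set of defined VLANs would have to come from another source, such as the output of "show vlan brief".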