Hi,
I'm seeing some confusing behavior on 881 routers running IOS 15.2(4)M4 and was wondering if anyone could explain.
We would like to run authentication violation restrict to only block unauthenticated devices, not shut down the interface.
From interface config mode, the command authentication violation {restrict | shutdown} is not available.
(config-if)#authentication violation ?
% Unrecognized command
(config-if)#authentication violation
But, if you do a show run all, the command authentication violation shutdown is there. (Not there with just show run).
sh run all | i interface|violation
....
interface FastEthernet0
authentication violation shutdown
interface FastEthernet1
authentication violation shutdown
interface FastEthernet2
authentication violation shutdown
interface FastEthernet3
authentication violation shutdown
...
So it looks like the interface is set to authentication violation shutdown and can't be changed.
However, in testing the behavior matched authentication violation restrict, not authentication violation shutdown. Unauthenticated devices did not cause the interface to shut down.
So it's actually working the way we want, but I'm nervous as to whether it will do so consistently given the behavior which is contrary to the running config.
We have only seen this behavior on the 881s. 4506 and 3750 switches work the way you would expect.
Can anyone shed any light? Thanks.