I am aware of the ability of Cisco switches to provide "Inaccessible Authentication Bypass" as seen in the following configuration guide:
I am using Cisco 3650 switches running 3.6.6E code release. We currently have a basic MAB environment which is permitting all devices for "discovery". In the event that the authentication server is unreachable, I would like the switch to simply enable the ports so that our employees can continue working.
Is it possible to "fail open" so that the device uses the existing vlans assigned on the port? It appears that I can simply issue
switch(config-if)#authentication event server dead action authorize ?
vlan Configure Critical Authorization VLAN
voice Authorize the port for VOICE traffic
As long as I do not provide a vlan specifically, it will simply authorize the port as if there was no authentication mechanism whatsoever?
Thanks for any advice!
Solved! Go to Solution.
Thank you for the clarification, RJI!
This worked wonderful one I applied
authentication event server dead action authorize
authentication event server dead action authorize voice
Both the data and voice device (laptop plugged into phone switch port) worked. However, once I applied
authentication event server alive action reinitialize
The radius server for some reason was marked as up and I was unable to authenticate. Perhaps it was that I null routed the radius server IP.