05-24-2018 12:55 PM - edited 03-08-2019 03:07 PM
Hi there,
I'm configuring dot1x with Windows Server as RADIUS NPS. Authentication with username is working well. I've configured "authentication violation shutdown" (port will be shut down and in error-disable mode), but when authorization fails, the port status doesn't change to shutdown and error-disable mode.
I hope someone has an idea how to achieve this.
Thanks & regards,
Sam Saul
05-24-2018 01:08 PM
Hi Sam,
I think your understanding of that command is incorrect. As per this link here, "the violation modes that occur when a new device connects to a port or when a new device connects to a port after the maximum number of devices are connected to that port, use the authentication violation interface configuration command."
Do you want to essentially deny access if the user fails authentication/authorization? If so, use 802.1x closed mode, which would not allow access if the user fails.
HTH
05-24-2018 01:23 PM
05-24-2018 01:28 PM
Commands are below:-
interface range GigabitEthernet 1/0/1
 no authentication open
or if running IBNS 2.0
interface GigabitEthernet1/0/1
 access-session closed
Most people start off in open mode, so if authentication/authorization fails they can still permit access. They run in this mode for a period so as to monitor the devices and ensure everything is working as expected before then moving to closed mode.
HTH
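As an added example (not from the thread or from Cisco): a small Python check that reads a running-config and reports which 802.1X ports are still in open mode, using the commands from the reply above. It assumes legacy-style ports are closed unless `authentication open` is present and IBNS 2.0 ports are open unless `access-session closed` is present; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 authentication port-control auto
 authentication open
!
interface GigabitEthernet1/0/2
 authentication port-control auto
!
interface GigabitEthernet1/0/3
 access-session port-control auto
!
interface GigabitEthernet1/0/4
 access-session closed
 access-session port-control auto
!
interface GigabitEthernet1/0/5
 switchport mode access
"""

def interface_blocks(config):
    """Yield (name, [subcommands]) for each interface stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            if name:
                yield name, body
            name, body = m.group(1), []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:  # "!" or any unindented line closes the stanza
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def access_mode(body):
    """'open', 'closed', or None when the port has no 802.1X port-control."""
    if "access-session port-control auto" in body:  # IBNS 2.0: assumed open by default
        return "closed" if "access-session closed" in body else "open"
    if "authentication port-control auto" in body:  # legacy: assumed closed by default
        return "open" if "authentication open" in body else "closed"
    return None

def audit(config):
    return {name: access_mode(body) for name, body in interface_blocks(config)}
```

Calling `audit()` on a saved `show running-config` output gives a per-interface map, so ports left in open mode after the monitoring period stand out before the move to closed mode.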
05-24-2018 01:32 PM