
How to place port in error-disabled when 802.1x fails

Rene2
Level 1

Is it possible to place a port in error-disabled state when 802.1x is exhausted and failed?

The reason is that if someone tries to connect unauthorized equipment, I want the port to shut down and require manual intervention in order to open the port again.

 

Already tried: authentication violation shutdown on the port, which does not have the desired effect.

 

!
interface GigabitEthernet0/2
 switchport mode access
 switchport nonegotiate
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout quiet-period 3
 dot1x timeout server-timeout 40
 dot1x timeout tx-period 1
 dot1x timeout supp-timeout 5
 dot1x max-req 7
 dot1x max-reauth-req 7
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!

 

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE4,

2 Replies

balaji.bandi
Hall of Fame

Enabling dot1x with error-disabled is not a suggested method. dot1x can use a different Null VLAN as the default: if the user is not authenticated, they get the default VLAN (which does not go anywhere, rather a dummy VLAN).

Maybe if you are looking for port security, you need to look at - switchport port-security

BB
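
The dead-end VLAN approach described in the reply above, sketched as an added example (not configuration posted by anyone in the thread): clients that fail 802.1X, or never answer it, are authorized into an isolated VLAN instead of the port being error-disabled. VLAN 999 and its name are assumed values; the VLAN should have no SVI and should not be allowed on any trunk.

```cisco
! Added example, not from the thread. VLAN 999 and its name are assumed values.
! Isolated VLAN: no SVI, not carried on any trunk, so traffic in it goes nowhere.
vlan 999
 name DOT1X-DEADEND
!
interface GigabitEthernet0/2
 switchport mode access
 switchport nonegotiate
 authentication port-control auto
 dot1x pae authenticator
 ! Supplicant failed authentication: put the port in the dead-end VLAN.
 authentication event fail action authorize vlan 999
 ! No 802.1X supplicant answered: use the same dead-end VLAN as guest VLAN.
 authentication event no-response action authorize vlan 999
 spanning-tree portfast
 spanning-tree bpduguard enable
end
```

The port stays up in this setup, so it does not give the manual re-enable step asked for in the question; `show authentication sessions interface GigabitEthernet0/2` shows which VLAN a session ended up in.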


How would switchport port-security achieve the desired result?
