01-26-2021 06:42 AM
Is it possible to place a port in error-disabled state when 802.1x is exhausted and has failed?
The reason is that if someone tries to connect unauthorized equipment, I want the port to shut down and require manual intervention in order to open the port again.
Already tried: authentication violation shutdown on the port, which does not have the desired effect.
!
interface GigabitEthernet0/2
 switchport mode access
 switchport nonegotiate
 authentication port-control auto
 dot1x pae authenticator
 dot1x timeout quiet-period 3
 dot1x timeout server-timeout 40
 dot1x timeout tx-period 1
 dot1x timeout supp-timeout 5
 dot1x max-req 7
 dot1x max-reauth-req 7
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
end
!
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE4,
01-26-2021 06:45 AM - edited 01-26-2021 06:45 AM
Enabling dot1x with error-disabled is not a suggested method. dot1x can use a different null VLAN as the default: if the user is not authenticated, they get the default VLAN (which does not go anywhere, rather a dummy VLAN).
Maybe if you are looking for port security, you need to look at: switchport port-security
01-26-2021 06:56 AM
How would switchport port-security achieve the desired result?