Administrator Guide

Security Commands 967
There are three important aspects to this feature after activation:
1. To allow successful authentications using the returned information from
   the authentication server.
2. To provide a mechanism to report unsuccessful authentications without
   negative repercussions to the user due to operator errors or failure cases
   from the authentication server or supplicants.
3. To accurately report the data received from the successful and
   unsuccessful operations so that the operator can make the appropriate
   changes or learn where the problem areas are.
Monitor mode can be configured globally on a switch. If the switch fails
to authenticate the user for any reason (for example, a RADIUS access reject
from the RADIUS server, a RADIUS time-out, or a client that is itself 802.1x
unaware), the client is authenticated and is undisturbed by the failure
condition(s). The reasons for failure are logged and buffered in the local
logging database so that the operator can track the failure conditions.
Clients authenticated when monitor mode is enabled are always assigned to the
default VLAN, regardless of the RADIUS assignment.
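The monitor-mode behaviour described above, modelled as an added Python example (not code from this guide or from the switch firmware). It compares monitor mode with enforcement for the same clients; the outcome labels, the default VLAN ID of 1, and the simplified enforcement path (failed clients denied, RADIUS VLAN honoured) are assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

DEFAULT_VLAN = 1  # assumption: the switch's default VLAN ID

@dataclass(frozen=True)
class AuthEvent:
    mac: str
    outcome: str                        # "accept", "reject", "timeout" or "unaware"
    radius_vlan: Optional[int] = None   # VLAN returned by RADIUS, if any

def resolve(event, monitor_mode):
    """Return (authorized, vlan, logged_failure_reason) for one client."""
    failed = event.outcome != "accept"
    if monitor_mode:
        # Monitor mode: always admit, always default VLAN, log any failure.
        return True, DEFAULT_VLAN, event.outcome if failed else None
    if failed:
        # Simplified enforcement: no guest/unauthenticated VLAN fallback modelled.
        return False, None, event.outcome
    return True, event.radius_vlan or DEFAULT_VLAN, None

def enforcement_impact(events):
    """Compare monitor mode with enforcement for the same observed events."""
    denied, moved, reasons = [], [], Counter()
    for ev in events:
        _, mon_vlan, reason = resolve(ev, monitor_mode=True)
        ok, enf_vlan, _ = resolve(ev, monitor_mode=False)
        if reason:
            reasons[reason] += 1          # what monitor mode would have logged
        if not ok:
            denied.append(ev.mac)         # loses access once enforcement is on
        elif enf_vlan != mon_vlan:
            moved.append((ev.mac, mon_vlan, enf_vlan))  # leaves the default VLAN
    return {"would_be_denied": denied, "would_change_vlan": moved,
            "failure_reasons": dict(reasons)}

# Constructed sample events (not real switch output).
SAMPLE = [
    AuthEvent("00:00:5e:00:53:01", "accept", radius_vlan=20),
    AuthEvent("00:00:5e:00:53:02", "reject"),
    AuthEvent("00:00:5e:00:53:03", "timeout"),
    AuthEvent("00:00:5e:00:53:04", "unaware"),
    AuthEvent("00:00:5e:00:53:05", "accept"),
]

if __name__ == "__main__":
    print(enforcement_impact(SAMPLE))
```

The report separates clients that would be denied from clients that authenticate successfully but would move off the default VLAN, since both groups are affected when monitor mode is turned off.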
Commands in this Section
This section explains the following commands:
dot1x dynamic-vlan enable   dot1x system-auth-control monitor   server-key
dot1x eapolflood            dot1x timeout quiet-period          show dot1x
dot1x initialize            dot1x timeout re-authperiod         show dot1x authentication-history
dot1x mac-auth-bypass       dot1x timeout server-timeout        show dot1x clients
dot1x max-req               dot1x timeout supp-timeout          show dot1x interface
dot1x max-users             dot1x timeout tx-period             show dot1x interface statistics
dot1x port-control          auth-type                           show dot1x users
2CSNXXX_SWUM204.book Page 967 Monday, January 25, 2016 1:25 PM