show authentication sessions
show authentication interface XXX
show dot1x interface XXX
debug dot1x events
debug radius
11 Sept 2013
A dot1x adventure...
802.1x
It's a hell of an adventure, so strap your gas mask on and join me at the barricades!!
(article is WIP, starting with notes first..)
Notes:
Use the "Cisco-AV-Pair" parameter with value "device-traffic-class=voice" to make the switch put an IP phone into the voice VLAN.
1. host-mode selection
2. err-disable settings
authentication violation restrict|shutdown
default is shutdown. I shall use restrict.
3. re-auth & timers
inactivity timer (Cisco default: off)
- RADIUS can return Idle-Timeout (in seconds)
- RADIUS can return the action to take, Termination-Action (I use Default, which is reauth without service outage)
I'll be using RADIUS-returned parameters for most of this.
4. critical AAA
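The four items above combined into one access-port configuration, as an added example that is not from the original post. The interface name, the VLAN numbers, the multi-domain host mode and the critical VLAN choice are assumptions; AAA, the RADIUS server definitions and "dot1x system-auth-control" are assumed to be configured globally already.

```cisco
! Added example. Interface name and VLAN IDs are constructed placeholders.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 !
 ! 1. host-mode selection (assumption: one phone plus one PC behind it).
 !    multi-domain allows one device in the data domain and one in the
 !    voice domain. The phone only lands in the voice domain if RADIUS
 !    returns device-traffic-class=voice for it.
 authentication host-mode multi-domain
 authentication port-control auto
 dot1x pae authenticator
 !
 ! 2. err-disable settings. restrict drops traffic from the violating
 !    MAC and logs it; the default (shutdown) err-disables the whole
 !    port, which also takes the already-authenticated phone offline.
 authentication violation restrict
 !
 ! 3. re-auth and timers, taken from the RADIUS reply instead of being
 !    hard-coded per port.
 !    reauthenticate server -> uses Session-Timeout and Termination-Action
 !    inactivity server     -> uses Idle-Timeout (seconds)
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 !
 ! 4. critical AAA. When no RADIUS server is reachable, authorize new
 !    hosts into a fallback VLAN (here the data VLAN, as an assumption)
 !    and re-run authentication once a server is alive again so nobody
 !    stays on the fallback longer than the outage.
 authentication event server dead action authorize vlan 10
 authentication event server alive action reinitialize
```

After applying it, "show authentication sessions" and "show authentication interface" from the top of the page show which domain (data or voice) each MAC was placed in and which timers came from the server.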