Home » HP Manuals » Servers » HP Cisco Catalyst Blade Switch 3020 » Manual Viewer

HP Cisco Catalyst Blade Switch 3020 Cisco Catalyst Blade Switch 3020 for HP Co - Page 93

dot1x critical (interface configuration

View all HP Cisco Catalyst Blade Switch 3020 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 93 highlights

Chapter 2 Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands dot1x critical (interface configuration) dot1x critical (interface configuration) Use the dot1x critical interface configuration command on a standalone switch to enable the inaccessible-authentication-bypass feature, also referred to as critical authentication or the authentication, authorization, and accounting (AAA) fail policy. You can also configure the access VLAN to which the switch assigns the critical port when the port is in the critical-authentication state. To disable the feature or return to default, use the no form of this command. dot1x critical [recovery action reinitialize | vlan vlan-id] no dot1x critical [recovery | vlan] Syntax Description recovery action reinitialize vlan vlan-id Enable the inaccessible-authentication-bypass recovery feature, and specify that the recovery action is to authenticate the port when an authentication server is available. Specify the access VLAN to which the switch can assign a critical port. The range is from 1 to 4094. Defaults The inaccessible-authentication-bypass feature is disabled. The recovery action is not configured. The access VLAN is not configured. Command Modes Interface configuration Command History Release 12.2(25)SEF Modification This command was introduced. Usage Guidelines To specify the access VLAN to which the switch assigns a critical port when the port is in the critical-authentication state, use the vlan vlan-id keywords. The specified type of VLAN must match the type of port, as follows: • If the critical port is an access port, the VLAN must be an access VLAN. • If the critical port is a private VLAN host port, the VLAN must be a secondary private VLAN. • If the critical port is a routed port, you can specify a VLAN, but this is optional. If the client is running Windows XP and the critical port to which the client is connected is in the critical-authentication state, Windows XP might report that the interface is not authenticated. If the Windows XP client is configured for DHCP and has an IP address from the DHCP server, receiving an EAP-Success message on a critical port might not re-initiate the DHCP configuration process. OL-8916-01 Cisco Catalyst Blade Switch 3020 for HP Command Reference 2-65

Section	Page
Cisco Catalyst Blade Switch 3020 for HP Command Reference	1
Contents	3
Preface	15
Audience	15
Purpose	15
Conventions	15
Related Publications	16
Obtaining Documentation	17
Cisco.com	17
Product Documentation DVD	17
Ordering Documentation	17
Documentation Feedback	18
Cisco Product Security Overview	18
Reporting Security Problems in Cisco Products	18
Obtaining Technical Assistance	19
Cisco Technical Support & Documentation Website	19
Submitting a Service Request	20
Definitions of Service Request Severity	20
Obtaining Additional Publications and Information	20
Using the Command-Line Interface	23
CLI Command Modes	23
User EXEC Mode	25
Privileged EXEC Mode	25
Global Configuration Mode	25
Interface Configuration Mode	26
config-vlan Mode	26
VLAN Configuration Mode	27
Line Configuration Mode	27
Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands	29
aaa accounting dot1x	29
aaa authentication dot1x	31
aaa authorization network	33
action	34
archive download-sw	36
archive tar	39
archive upload-sw	42
auto qos voip	44
boot boothlpr	48
boot config-file	49
boot enable-break	50
boot helper	51
boot helper-config-file	52
boot manual	53
boot private-config-file	54
boot system	55
channel-group	56
channel-protocol	59
class	60
class-map	62
clear dot1x	64
clear eap sessions	65
clear lacp	66
clear mac address-table	67
clear mac address-table move update	69
clear pagp	70
clear port-security	71
clear spanning-tree counters	73
clear spanning-tree detected-protocols	74
clear vmps statistics	75
clear vtp counters	76
define interface-range	77
delete	79
deny (MAC access-list configuration)	80
dot1x	83
dot1x auth-fail max-attempts	85
dot1x auth-fail vlan	87
dot1x control-direction	89
dot1x critical (global configuration)	91
dot1x critical (interface configuration)	93
dot1x default	95
dot1x guest-vlan	96
dot1x host-mode	98
dot1x initialize	99
dot1x mac-auth-bypass	100
dot1x max-reauth-req	102
dot1x max-req	103
dot1x pae	104
dot1x port-control	105
dot1x re-authenticate	107
dot1x reauthentication	108
dot1x timeout	109
duplex	112
errdisable detect cause	114
errdisable recovery	116
exception crashinfo	118
flowcontrol	119
interface port-channel	121
interface range	123
interface vlan	125
ip access-group	126
ip address	128
ip dhcp snooping	130
ip dhcp snooping information option	131
ip dhcp snooping information option allow-untrusted	133
ip dhcp snooping information option format remote-id	135
ip dhcp snooping limit rate	137
ip dhcp snooping trust	138
ip dhcp snooping verify	139
ip dhcp snooping vlan	140
ip dhcp snooping vlan information option format-type circuit-id string	141
ip igmp filter	143
ip igmp max-groups	144
ip igmp profile	146
ip igmp snooping	148
ip igmp snooping last-member-query-interval	150
ip igmp snooping querier	152
ip igmp snooping report-suppression	154
ip igmp snooping tcn	156
ip igmp snooping tcn flood	158
ip igmp snooping vlan immediate-leave	159
ip igmp snooping vlan mrouter	161
ip igmp snooping vlan static	163
ip ssh	165
lacp port-priority	167
lacp system-priority	169
link state group	171
link state track	173
logging event	174
logging file	175
mac access-group	177
mac access-list extended	179
mac address-table aging-time	181
mac address-table move update	182
mac address-table notification	184
mac address-table static	186
mac address-table static drop	187
macro apply	189
macro description	192
macro global	193
macro global description	196
macro name	197
match (access-map configuration)	199
match (class-map configuration)	201
mdix auto	203
media-type	205
mls qos	207
mls qos aggregate-policer	209
mls qos cos	211
mls qos dscp-mutation	213
mls qos map	215
mls qos queue-set output buffers	219
mls qos queue-set output threshold	221
mls qos rewrite ip dscp	223
mls qos srr-queue input bandwidth	225
mls qos srr-queue input buffers	227
mls qos srr-queue input cos-map	229
mls qos srr-queue input dscp-map	231
mls qos srr-queue input priority-queue	233
mls qos srr-queue input threshold	235
mls qos srr-queue output cos-map	237
mls qos srr-queue output dscp-map	239
mls qos trust	241
mls qos vlan-based	243
monitor session	244
mvr (global configuration)	248
mvr (interface configuration)	251
pagp learn-method	254
pagp port-priority	256
permit (MAC access-list configuration)	258
police	261
police aggregate	263
policy-map	265
port-channel load-balance	268
priority-queue	270
queue-set	272
radius-server dead-criteria	273
radius-server host	275
remote-span	277
rmon collection stats	279
service password-recovery	280
service-policy	282
set	285
setup	287
setup express	290
show access-lists	292
show archive status	295
show auto qos	296
show boot	299
show cable-diagnostics tdr	301
show class-map	303
show controllers cpu-interface	304
show controllers ethernet-controller	306
show controllers tcam	314
show controllers utilization	316
show dot1x	318
show dtp	322
show eap	324
show env	327
show errdisable detect	328
show errdisable flap-values	330
show errdisable recovery	332
show etherchannel	334
show flowcontrol	337
show interfaces	339
show interfaces counters	347
show inventory	349
show ip dhcp snooping	350
show ip dhcp snooping binding	351
show ip igmp profile	353
show ip igmp snooping	354
show ip igmp snooping groups	356
show ip igmp snooping mrouter	358
show ip igmp snooping querier	360
show lacp	362
show link state group	366
show mac access-group	368
show mac address-table	370
show mac address-table address	372
show mac address-table aging-time	374
show mac address-table count	375
show mac address-table dynamic	377
show mac address-table interface	379
show mac address-table move update	381
show mac address-table notification	383
show mac address-table static	385
show mac address-table vlan	387
show mls qos	389
show mls qos aggregate-policer	390
show mls qos input-queue	391
show mls qos interface	393
show mls qos maps	397
show mls qos queue-set	400
show mls qos vlan	402
show monitor	403
show mvr	405
show mvr interface	407
show mvr members	409
show pagp	411
show parser macro	413
show policy-map	416
show port-security	418
show setup express	421
show spanning-tree	422
show storm-control	428
show system mtu	430
show udld	431
show version	434
show vlan	436
show vlan access-map	441
show vlan filter	442
show vmps	443
show vtp	446
shutdown	451
shutdown vlan	452
snmp-server enable traps	453
snmp-server host	456
snmp trap mac-notification	460
spanning-tree backbonefast	462
spanning-tree bpdufilter	463
spanning-tree bpduguard	465
spanning-tree cost	467
spanning-tree etherchannel guard misconfig	469
spanning-tree extend system-id	471
spanning-tree guard	473
spanning-tree link-type	475
spanning-tree loopguard default	477
spanning-tree mode	479
spanning-tree mst configuration	481
spanning-tree mst cost	483
spanning-tree mst forward-time	485
spanning-tree mst hello-time	486
spanning-tree mst max-age	487
spanning-tree mst max-hops	488
spanning-tree mst port-priority	490
spanning-tree mst pre-standard	492
spanning-tree mst priority	493
spanning-tree mst root	494
spanning-tree port-priority	496
spanning-tree portfast (global configuration)	498
spanning-tree portfast (interface configuration)	500
spanning-tree transmit hold-count	502
spanning-tree uplinkfast	503
spanning-tree vlan	505
speed	508
srr-queue bandwidth limit	510
srr-queue bandwidth shape	512
srr-queue bandwidth share	514
storm-control	516
switchport access	519
switchport backup interface	521
switchport block	524
switchport host	525
switchport mode	526
switchport nonegotiate	528
switchport port-security	530
switchport port-security aging	535
switchport priority extend	537
switchport protected	539
switchport trunk	540
switchport voice vlan	543
system mtu	545
test cable-diagnostics tdr	547
traceroute mac	548
traceroute mac ip	551
trust	553
udld	555
udld port	557
udld reset	559
vlan (global configuration)	560
vlan (VLAN configuration)	565
vlan access-map	571
vlan database	573
vlan filter	576
vmps reconfirm (privileged EXEC)	578
vmps reconfirm (global configuration)	579
vmps retry	580
vmps server	581
vtp (global configuration)	583
vtp (VLAN configuration)	587
Cisco Catalyst Switch 3020 for HP Boot Loader Commands	591
boot	592
cat	594
copy	595
delete	596
dir	597
flash_init	599
format	600
fsck	601
help	602
load_helper	603
memory	604
mkdir	605
more	606
rename	607
reset	608
rmdir	609
set	610
type	613
unset	614
version	616
Cisco Catalyst Blade Switch 3020 for HP DebugCommands	617
debug auto qos	618
debug backup	620
debug dot1x	621
debug dtp	623
debug eap	624
debug etherchannel	626
debug interface	628
debug ip igmp filter	630
debug ip igmp max-groups	631
debug ip igmp snooping	632
debug lacp	633
debug mac-notification	634
debug matm	635
debug matm move update	636
debug monitor	637
debug mvrdbg	638
debug nvram	639
debug pagp	640
debug platform acl	641
debug platform backup interface	642
debug platform cpu-queues	643
debug platform dot1x	645
debug platform etherchannel	646
debug platform forw-tcam	647
debug platform ip dhcp	648
debug platform ip igmp snooping	649
debug platform led	651
debug platform matm	652
debug platform messaging application	654
debug platform phy	655
debug platform pm	657
debug platform port-asic	659
debug platform port-security	660
debug platform qos-acl-tcam	661
debug platform remote-commands	662
debug platform resource-manager	663
debug platform snmp	664
debug platform span	665
debug platform supervisor-asic	666
debug platform sw-bridge	667
debug platform tcam	668
debug platform udld	670
debug platform vlan	671
debug pm	672
debug port-security	674
debug qos-manager	675
debug spanning-tree	676
debug spanning-tree backbonefast	678
debug spanning-tree bpdu	679
debug spanning-tree bpdu-opt	680
debug spanning-tree mstp	681
debug spanning-tree switch	683
debug spanning-tree uplinkfast	685
debug sw-vlan	686
debug sw-vlan ifs	688
debug sw-vlan notification	690
debug sw-vlan vtp	692
debug udld	694
debug vqpc	696
Cisco Catalyst Blade Switch 3020 for HP ShowPlatform Commands	697
show platform acl	698
show platform backup interface	699
show platform configuration	700
show platform etherchannel	701
show platform forward	702
show platform ip igmp snooping	704
show platform layer4op	706
show platform mac-address-table	707
show platform messaging	708
show platform monitor	709
show platform mvr table	710
show platform pm	711
show platform port-asic	712
show platform port-security	717
show platform qos	718
show platform resource-manager	719
show platform snmp counters	721
show platform spanning-tree	722
show platform stp-instance	723
show platform tcam	724
show platform vlan	726

Match case Limit results 1 per page

2-65

Cisco Catalyst Blade Switch 3020 for HP Command Reference

OL-8916-01

Chapter 2

Cisco Catalyst Blade Switch 3020 for HP Cisco IOS Commands

dot1x critical (interface configuration)

Use the

dot1x critical

interface configuration command on a standalone switch to enable the

inaccessible-authentication-bypass feature, also referred to as critical authentication or the

authentication, authorization, and accounting (AAA) fail policy. You can also configure the access

VLAN to which the switch assigns the critical port when the port is in the critical-authentication state.

To disable the feature or return to default, use the

form of this command.

dot1x critical

[

recovery action reinitialize

vlan

vlan-id

]

no dot1x critical

[

recovery

vlan

]

Syntax Description

Defaults

The inaccessible-authentication-bypass feature is disabled.

The recovery action is not configured.

The access VLAN is not configured.

Command Modes

Interface configuration

Command History

Usage Guidelines

To specify the access VLAN to which the switch assigns a critical port when the port is in the

critical-authentication state, use the

vlan

vlan-id

keywords. The specified type of VLAN must match the

type of port, as follows:

•

If the critical port is an access port, the VLAN must be an access VLAN.

•

If the critical port is a private VLAN host port, the VLAN must be a secondary private VLAN.

•

If the critical port is a routed port, you can specify a VLAN, but this is optional.

If the client is running Windows XP and the critical port to which the client is connected is in the

critical-authentication state, Windows XP might report that the interface is not authenticated.

If the Windows XP client is configured for DHCP and has an IP address from the DHCP server, receiving

an EAP-Success message on a critical port might not re-initiate the DHCP configuration process.

recovery action reinitialize

Enable the inaccessible-authentication-bypass recovery feature, and

specify that the recovery action is to authenticate the port when an

authentication server is available.

vlan

vlan-id

Specify the access VLAN to which the switch can assign a critical

port. The range is from 1 to 4094.

Release

Modification

12.2(25)SEF

This command was introduced.