aaa port-access critical-auth

Syntax

aaa port-access <PORT-LIST> critical-auth {voice-vlan <VLAN-ID> | data-vlan <VLAN-ID>
 | user-role <ROLE-NAME>}

no aaa port-access <PORT-LIST> critical-auth {voice-vlan <VLAN-ID> | data-vlan <VLAN-ID>
 | user-role <ROLE-NAME>}

Description

Configures and enables critical authentication for clients due to nonreachable authentication server.

The no form of this command disables the critical authentication.

Command context

manager

Parameters

<PORT-LIST>

Specifies the port or list of ports to configure with Critical Authentication.

<VLAN-ID>

Specifies the IP of the voice or data VLAN being configured with Critical Authentication.

<ROLE-NAME>

Specifies the role name assigned to the user-role for Critical Authentication.

Restrictions

  • Critical authentication is only available for MAC-based and 802.1x authentication.

show port-access clients

Use the show commands to display Critical Authentication and Open Authentication information and status.

switch# show port-access clients 

  Port Access Client Status
 
Port  Client Name   MAC Address    IP Address User Role  Type  VLAN
----- ------------- -------------- ---------- ---------- ----- ----
A1    b4b0178db6a2  b4b017-8db6a2     n/a     critical_role     MAC       
A2    b4b0178db6a3  b4b017-8db6a3     n/a     open-auth_role    MAC       

show port-access authenticator clients

switch# show port-access authenticator clients 

  Port Access Authenticator Client Status
 
Port  Client Name   MAC Address    IP Address Session Status
----- ------------- -------------- ---------  -------------
A1    b4b0178db6a2  b4b017-8db6a2     n/a      critical                
A2    b4b0178db6a3  b4b017-8db6a3     n/a      open-auth  

show port-access mac-based clients

switch# show port-access mac-based clients 

  Port Access MAC-Based Client Status
 
		Port  Client Name   MAC Address   IP Address Session Status
		----- ------------- ------------- ---------- --------------
		A1    b4b0178db6a2  b4b017-8db6a2   n/a     critical-auth                
		A2    b4b0178db6a3  b4b017-8db6a3   n/a     open-auth

switch# show port-access mac-based clients A1 detailed

		Port Access MAC-Based Client Status Detailed

 	Client Base Details:
   Port           : A1
   Session Status : critical auth  Session Time (Sec) : 6
   Username       : client1  MAC Address   : b4b0178db6a2
   IP             : n/a
		 ...

switch# show port-access mac-based clients A2 detailed

		Port Access MAC-Based Client Status Detailed

 	Client Base Details:
   Port           : A2
   Session Status : open-auth Session Time (Sec) : 6
   Username       : client1   MAC Address   : b4b0178db6a3
   IP             : n/a
			...  

show running config

switch# show runnig-config

aaa port-access A1 critical-auth voice-vlan 10
aaa port-access A2 critical-auth user-role guest_role
aaa port-access A4 open-auth voice-vlan 10
aaa port-access A5 open-auth user-role guest_role