Configuring voice aware 802.1x security, Configuring voice aware 802.1x – Dell POWEREDGE M1000E User Manual

10-39

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Authentication

This example shows how to enable a readiness check on a switch to query a port. It also shows the
response received from the queried port verifying that the device connected to it is IEEE 802.1x-capable:

switch# dot1x test eapol-capable interface gigabitethernet1/0/13

DOT1X_PORT_EAPOL_CAPABLE:DOT1X: MAC 00-01-02-4b-f1-a3 on gigabitethernet1/0/13 is EAPOL

capable

Configuring Voice Aware 802.1x Security

You use the voice aware 802.1x security feature on the switch to disable only the VLAN on which a
security violation occurs, whether it is a data or voice VLAN. You can use this feature in IP phone
deployments where a PC is connected to the IP phone. A security violation found on the data VLAN
results in the shutdown of only the data VLAN. The traffic on the voice VLAN flows through the switch
without interruption.

Follow these guidelines to configure voice aware 802.1x voice security on the switch:

•

You enable voice aware 802.1x security by entering the errdisable detect cause security-violation
shutdown vlan global configuration command. You disable voice aware 802.1x security by entering
the no version of this command. This command applies to all IEEE 802.1x-configured ports in the
switch.

Note

If you do not include the shutdown vlan keywords, the entire port is shut down when it enters the
error-disabled state.

•

If you use the errdisable recovery cause security-violation global configuration command to
configure error-disabled recovery, the port is automatically re-enabled. If error-disabled recovery is
not configured for the port, you re-enable it by using the shutdown and no-shutdown interface
configuration commands.

•

You can re-enable individual VLANs by using the clear errdisable interface interface-id

vlan

[vlan-list] privileged EXEC command. If you do not specify a range, all VLANs on the port are
enabled.

Beginning in privileged EXEC mode, follow these steps to enable voice aware 802.1x security:

Command

Purpose

Step 1

configure terminal

Enter global configuration mode.

Step 2

errdisable detect cause
security-violation shutdown vlan

Shut down any VLAN on which a security violation error occurs.

Note

If the shutdown vlan keywords are not included, the entire port
enters the error-disabled state and shuts down.

Step 3

errdisable recovery cause
security-violation

(Optional) Enable automatic per-VLAN error recovery.

Step 4

clear errdisable interface interface-id

vlan

[vlan-list]

(Optional) Reenable individual VLANs that have been error disabled.

•

For interface-id specify the port on which to reenable individual
VLANs.

•

(Optional) For vlan-list specify a list of VLANs to be re-enabled. If
vlan-list is not specified, all VLANs are re-enabled.