Radius Inaccessible Authentication Bypass

Sep 23rd, 2009


I'd like to know if it's possible to implement such a mechanism on a Cisco 2950 platform.

I'd like to avoid my clients' ports being unauthorized in case of a failure of my RADIUS servers. Is there a way to implement it on a 2950G?

Richard Burts Thu, 09/24/2009 - 13:03

Would I be correct to assume that you have your 2950G configured with a backup authentication method if the Radius server is not available and that your issue is what to do about authorization?

I have not done this on a 2950G and cannot know that it works, but this solution generally works in IOS and I assume that it will work on your 2950G:

aaa authorization exec default group radius if-authenticated

Give it a try and let us know if it works.



gilou_1973 Mon, 09/28/2009 - 22:18

Hi Rick,

Thanks for your answer but what I mean is the following.

I've implemented dot1x port control on my switches and I'd like to bypass this security if my RADIUS server is considered down or unreachable by the authenticator.

I know that it's possible on a catalyst 4500 and is known as "Configuring a port as a critical port in order to enable the Inaccessible Authentication Bypass feature".

I hope that my explanation is clearer and that I am not mistaken.


