Radius Inaccessible Authentication Bypass

Unanswered Question
Sep 23rd, 2009

Hello,

I'd like to know if it's possible to implement such a mechanism on a Cisco 2950 platform.

I'd like to avoid having my clients' ports unauthorized in case of a failure of my radius servers. Is there a way to implement it on a 2950G?

Richard Burts Thu, 09/24/2009 - 13:03

gildas

Would I be correct to assume that you have your 2950G configured with a backup authentication method if the Radius server is not available and that your issue is what to do about authorization?

I have not done this on a 2950G and cannot know that it works, but this solution generally works in IOS and I assume that it will work on your 2950G:

aaa authorization exec default group radius if-authenticated

Give it a try and let us know if it works.

HTH

Rick

gilou_1973 Mon, 09/28/2009 - 22:18

Hi Rick,

Thanks for your answer but what I mean is the following.

I've implemented dot1x port control on my switches and I'd like to bypass this security if my radius server is considered down or unreachable by the authenticator.

I know that it's possible on a Catalyst 4500 and is known as "Configuring a port as a critical port in order to enable the Inaccessible Authentication Bypass feature".

I hope that my explanation is clearer and that I am not mistaken.

Thanks
