Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Authentication host-mode and violation on 881 routers

Hi,

I'm seeing some confusing behavior on 881 routers running IOS 15.2(4)M4 and was wondering if anyone could explain.

We would like to run authentication violation restrict to only block unauthenticated devices, not shut down the interface.

From interface config mode, the command authentication violation {restrict | shutdown} is not available.

(config-if)#authentication violation ?
% Unrecognized command
(config-if)#authentication violation

But, if you do a show run all, the command authentication violation shutdown is there.  (Not there with just show run).

sh run all | i interface|violation
....
interface FastEthernet0
 authentication violation shutdown
interface FastEthernet1
 authentication violation shutdown
interface FastEthernet2
 authentication violation shutdown
interface FastEthernet3
 authentication violation shutdown

...

So it looks like the interface is set to authentication violation shutdown and can't be changed.

However, in testing the behavior matched authentication violation restrict, not authentication violation shutdown. Unauthenticated devices did not cause the interface to shut down.

So it's actually working the way we want, but I'm nervous as to whether it will do so consistently given the behavior which is contrary to the running config.

We have only seend this behavior on the 881s. 4506 and 3750 switches work the way you would expect.

Can anyone shed any light? Thanks.

 

1 REPLY
Silver

Leroy,What is the current

Leroy,

What is the current configiration of the 881?

Could you share that?

Regards

Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
59
Views
0
Helpful
1
Replies
CreatePlease to create content