Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Radius Inaccessible Authentication Bypass

Hello,

I'd like to know if it's possible to implement a such mechanism on a Cisco 2950 platform.

I'd like to avoid that my clients ports are unauthorized in case of a failure of my radius servers. Is there a way to implement it on a 2950G.

2 REPLIES
Hall of Fame Super Silver

Re: Radius Inaccessible Authentication Bypass

gildas

Would I be correct to assume that you have your 2950G configured with a backup authentication method if the Radius server is not available and that your issue is what to do about authorization?

I have not done this on a 2950G and can not know that it works, but this solution generally works in IOS and I assume that it will work on your 2950G:

aaa authorization exec default group radius if-authenticated

Give it a try and let us know if it works.

HTH

Rick

New Member

Re: Radius Inaccessible Authentication Bypass

Hi Rick,

Thanks for your answer but what I mean is the following.

I've implemented the dot1x port control on my switchs and I'd like to bypass this security if my radius server is considered down or unreachable by the authenticator.

I know that it's possible on a catalyst 4500 and is known as "Configuring a port as a critical port in order to enable the Inaccessible Authentication Bypass feature".

I hope that my explanation is clearer and that I don't mistake

Thanks

377
Views
0
Helpful
2
Replies