The dot1x no-response authorize authen-server-down command enables the function of not responding to authentication triggering packets sent by clients when the AAA server is Down.
The undo dot1x no-response authorize authen-server-down command disables the function.
By default, the device responds to the authentication triggering packets sent by clients when the AAA server is Down.
dot1x no-response authorize authen-server-down
undo dot1x no-response authorize authen-server-down
Usage Scenario
When Cisco AnyConnect is used to perform EAP-FAST authentication, the device responds to the authentication triggering packets sent by the client. If the AAA server is Down, the client enters an abnormal state after receiving response packets from the device and cannot access the network. To prevent this problem, you can run the dot1x no-response authorize authen-server-down command to disable the device from responding to the authentication triggering packets sent by the client when the AAA server is Down. In this way, the client can obtain the access permission granted when the AAA server is Down.
Precautions
This function is only applicable to MAC and 802.1X mixed authentication scenarios.
This function is effective only for new users who go online after the function is configured.
Only wired users support this function.
For new users having no corresponding entry on the device, this function takes effect only after a forcible domain is configured for the users using the access-domain domain-name [ dot1x ] force command in the authentication profile view.