dot1x filter-strict-security

Enables or disables strict filter security for dot1x authentication on the interface.

Syntax

dot1x filter-strict-security
no dot1x filter-strict-security

Command Default

Strict filter security is enabled.

Modes

Interface configuration mode

Usage Guidelines

By default, strict security mode is enabled; that is the client is not authenticated if the Filter-Id attribute returned by RADIUS contains invalid information, or if insufficient system resources are available to implement the IP ACLs or MAC address filters.

When strict security mode is enabled:

When strict security mode is disabled:

The no form of the command disables strict filter security.

Examples

The following example enables strict filter security.

device(config)# interface Ethernet 1/1
device(conf-if-eth-1/1)# dot1x filter-strict-security