C613-50055-01 REV A Command Reference for x230 Series Edge Switches 849
AlliedWare Plusâ„¢ Operating System - Version 5.4.5-0.x
AUTHENTICATION COMMANDS
AUTH
AUTH-FAIL VLAN
auth auth-fail vlan
Overview Use this command to enable the auth-fail vlan feature on the specified vlan
interface. This feature assigns supplicants (client devices) to the specified VLAN if
they fail port authentication.
Use the no variant of this command to disable the auth-fail vlan feature for a
specified VLAN interface.
Syntax
auth auth-fail vlan <1-4094>
no auth auth-fail vlan
Default The auth-fail vlan feature is disabled by default.
Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, or a
switch port.
Usage Use the auth-fail vlan feature when using Web-Authentication instead of the
Guest VLAN feature, when you need to separate networks where one supplicant
(client device) requires authentication and another supplicant does not require
authentication from the same interface.
This is because the DHCP lease time using the Web-Authentication feature is
shorter, and the auth fail vlan feature enables assignment to a different VLAN if a
supplicant fails authentication.
To enable the auth-fail vlan feature with Web Authentication, you need to set
Web Authentication Server virtual IP address by using the auth-web-server
ipaddress command or the auth-web-server dhcp ipaddress command.
When using 802.1X port authentication, use a dot1x max-auth-fail command to set
the maximum number of login attempts. Three login attempts are allowed by
default for 802.1X port authentication before supplicants trying to authenticate
are moved from the Guest VLAN to the auth-fail VLAN. See the dot1x max-auth-fail
on page 821 for command information.
See the Authentication Feature Overview and Configuration Guide for information
about:
• the auth-fail VLAN feature, which allows the Network Administrator to
separate the supplicants who attempted authentication, but failed, from the
supplicants who did not attempt authentication, and
• restrictions regarding combinations of authentication enhancements
working together
Use appropriate ACLs (Access Control Lists) on interfaces for extra security if a
supplicant allocated to the designated auth-fail vlan can access the same network
Parameter Description
<1-4094> Assigns the VLAN ID to any supplicants that have failed port
authentication.
To Next Page
Loading...
Need help?
General
