10-18
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 10 Configuring 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring a Guest VLAN
For switches running the EI, when you configure a guest VLAN, clients that are not 802.1x-capable are
put into the guest VLAN when the server does not receive a response to its EAPOL request/identity
frame. Clients that are 802.1x-capable but fail authentication are not granted access to the network. The
switch supports guest VLANs in single-host or multiple-hosts mode.
Beginning in privileged EXEC mode, follow these steps to configure a guest VLAN. This procedure is
optional.
To disable and remove the guest VLAN, use the no dot1x guest-vlan interface configuration command.
The port returns to the unauthorized state.
This example shows how to enable VLAN 9 as an 802.1x guest VLAN on a port:
Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x guest-vlan 9
This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that
the switch waits for a response to an EAP-request/identity frame from the client before resending the
request, and to enable VLAN 2 as an 802.1x guest VLAN when an 802.1x port is connected to a DHCP
client:
Switch(config-if)# dot1x timeout quiet-period 3
Switch(config-if)# dot1x timeout tx-period 15
Switch(config-if)# dot1x guest-vlan 2
Resetting the 802.1x Configuration to the Default Values
Beginning in privileged EXEC mode, follow these steps to reset the 802.1x configuration to the default
values.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the interface to be configured, and enter interface configuration
mode. For the supported interface types, see the “802.1x Configuration
Guidelines” section on page 10-10.
Step 3
dot1x guest-vlan vlan-id Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to
4094.
Any VLAN can be configured as an 802.1x guest VLAN except RSPAN
VLANs or voice VLANs.
Step 4
end Return to privileged EXEC mode.
Step 5
show dot1x interface interface-id Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the interface to be configured, and enter interface configuration
mode.
To Next Page
Loading...
Need help?
General
