Name: Cisco Catalyst 2950
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

2-90

Catalyst 2950 and Catalyst 2955 Switch Command Reference

OL-10102-01

Chapter 2 Catalyst 2950 and 2955 Cisco IOS Commands

dot1x auth-fail vlan

Use the dot1x auth-fail vlan interface configuration command to enable the restricted VLAN on a port.

To return to the default setting, use the no form of this command.

dot1x auth-fail vlan vlan-id

no dot1x auth-fail vlan vlan-id

Syntax Description

Defaults No restricted VLAN is configured.

Command Modes Interface configuration

Command History

Usage Guidelines You can configure a restricted VLAN on ports configured as follows:

• single-host (default) mode only

• auto mode for authorization

You should enable re-authentication. The ports in restricted VLANs do not receive re-authentication

requests if re-authentication is disabled. To start the re-authentication process, the restricted VLAN must

receive a link down event or an Extensible Authentication Protocol (EAP) logoff event from the port. If

the host is connected through a hub, the port might never receive a link down event and might not detect

the new host until the next re-authentication attempt occurs. Therefore, re-authentication should be

enabled.

If the user fails authentication, the port is moved to a restricted VLAN, and an EAP success message is

sent to the user. Because the user is not notified of the authentication failure, there might be confusion

as to why there is restricted access to the network. An EAP success message is sent for these reasons:

• If the EAP success message is not sent, the user tries to authenticate every 60 seconds (the default)

by sending an EAP-start message.

• Some hosts (for example, devices running Windows XP) cannot implement DHCP until they receive

an EAP success message.

A user might cache an incorrect username and password combination after receiving an EAP success

message from the authenticator and re-use that information in every re-authentication. Until the user

passes the correct username and password combination, the port remains in the restricted VLAN.

Internal VLANs that are used for Layer 3 ports cannot be configured as a restricted VLAN.

You cannot configure a VLAN to be both a restricted VLAN and a voice VLAN. If you do this, a syslog

message appears.

vlan-id Specify a VLAN in the range of 1 to 4094.

Release Modification

12.1(22)EA7 This command was introduced.

Other manuals for Cisco Catalyst 2950

Software Configuration Guide674 pages

Getting Started Guide28 pages

Datasheet19 pages

Hardware Installation Guide232 pages

Software Guide376 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 2950 and is the answer not in the manual?

Cisco Catalyst 2950 Specifications

General

Forwarding Bandwidth	8.8 Gbps
Switching Capacity	13.6 Gbps
Forwarding Rate	6.6 Mpps
Weight	3.6 kg
RAM	16 MB
Flash Memory	8 MB
Operating Humidity	10% to 85% non-condensing
Uplink Ports	2 x 10/100/1000Base-T
Dimensions	4.4 cm x 44.5 cm x 24.2 cm
Remote Management Protocol	SNMP, Telnet, HTTP
Features	Quality of Service (QoS), VLAN support
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.1D, IEEE 802.1Q, IEEE 802.1p
Status Indicators	system
Operating Temperature	0 to 45°C
Ports	24 x 10/100 Ethernet ports
MAC Address Table Size	8, 192 entries
Power Supply	Internal 100-240V AC, 50-60Hz