EasyManua.ls Logo

Cisco Catalyst 3560X-24P

Cisco Catalyst 3560X-24P
1188 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
2-157
Catalyst 3750-X and 3560-X Switch Command Reference
OL-21522-02
Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
dot1x auth-fail vlan
dot1x auth-fail vlan
Use the dot1x auth-fail vlan interface configuration command on the switch stack or on a standalone
switch to enable the restricted VLAN on a port. To return to the default setting, use the no form of this
command.
dot1x auth-fail vlan vlan-id
no dot1x auth-fail vlan
Syntax Description
Defaults No restricted VLAN is configured.
Command Modes Interface configuration
Command History
Usage Guidelines You can configure a restricted VLAN on ports configured as follows:
single-host (default) mode
auto mode for authorization
You should enable re-authentication. The ports in restricted VLANs do not receive re-authentication
requests if it is disabled. To start the re-authentication process, the restricted VLAN must receive a
link-down event or an Extensible Authentication Protocol (EAP) logoff event from the port. If a host is
connected through a hub, the port might never receive a link-down event when that host is disconnected,
and, as a result, might not detect any new hosts until the next re-authentication attempt occurs.
If the supplicant fails authentication, the port is moved to a restricted VLAN, and an EAP success
message is sent to the supplicant. Because the supplicant is not notified of the actual authentication
failure, there might be confusion about this restricted network access. An EAP success message is sent
for these reasons:
If the EAP success message is not sent, the supplicant tries to authenticate every 60 seconds (the
default) by sending an EAP-start message.
Some hosts (for example, devices running Windows XP) cannot implement DHCP until they receive
an EAP success message.
A supplicant might cache an incorrect username and password combination after receiving an EAP
success message from the authenticator and re-use that information in every re-authentication. Until the
supplicant sends the correct username and password combination, the port remains in the restricted
VLAN.
Internal VLANs used for Layer 3 ports cannot be configured as restricted VLANs.
vlan-id Specify a VLAN in the range of 1 to 4094.
Release Modification
12.2(53)SE2 This command was introduced.

Table of Contents

Other manuals for Cisco Catalyst 3560X-24P

Related product manuals