122 | 802.1X
www.dell.com | support.dell.com
Configuring an Authentication-Fail VLAN
If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount of
time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication on page 114). You
can configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by
default), after which the port is placed in the Authentication-fail VLAN.
Configure a port to be placed in the VLAN after failing the authentication process as specified number of
times using the command
dot1x auth-fail-vlan from INTERFACE mode, as shown in Figure 7-13. Configure
the maximum number of authentication attempts by the authenticator using the keyword
max-attempts with
this command.
Figure 7-13. Configuring an Authentication-fail VLAN
View your configuration using the command show config from INTERFACE mode, as shown in
Figure 7-12, or using the command
show dot1x interface command from EXEC Privilege mode as shown in
Figure 7-14.
Figure 7-14. Viewing Guest and Authentication-fail VLAN Configurations
FTOS(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5
FTOS(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
switchport
dot1x guest-vlan 200
dot1x auth-fail-vlan 100 max-attempts 5
no shutdown
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Enable
Guest VLAN id: 200
Auth-Fail VLAN: Enable
Auth-Fail VLAN id: 100
Auth-Fail Max-Attempts: 5
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
To Next Page
Loading...
