100 | 802.1X
www.dell.com | support.dell.com
Configuring an Authentication-fail VLAN
If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount
of time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication). You can
configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by
default), after which the port is placed in the Authentication-fail VLAN.
Configure a port to be placed in the VLAN after failing the authentication process a specified number of
times using the command dot1x auth-fail-vlan from INTERFACE mode, as shown in the example below.
Configure the maximum number of authentication attempts by the authenticator using the keyword
max-attempts with this command.
FTOS(conf-if-Te-2/1)#dot1x guest-vlan 200
FTOS(conf-if-Te 2/1)#show config
!
interface TenGigabitEthernet 2/1
switchport
dot1x authentication
dot1x guest-vlan 200
no shutdown
FTOS(conf-if-Te-2/1)#
FTOS(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5
FTOS(conf-if-Te-2/1)#show config
!
interface TenGigabitEthernet 2/1
switchport
dot1x authentication
dot1x guest-vlan 200
dot1x auth-fail-vlan 100 max-attempts 5
no shutdown
FTOS(conf-if-Te-2/1)#
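An added example, not taken from the Dell documentation: a Python check that reads interface stanzas like the show config output above and reports 802.1X ports that have no Authentication-fail VLAN, or whose fallback VLANs fall outside an approved set. The function names, RESTRICTED_VLANS, the sample stanzas and the policy that fallback VLANs must be restricted are assumptions made for illustration.

```python
import re
# Constructed sample in the style of the "show config" output above.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 2/1
 dot1x authentication
 dot1x guest-vlan 200
 dot1x auth-fail-vlan 100 max-attempts 5
!
interface TenGigabitEthernet 2/2
 dot1x authentication
 dot1x guest-vlan 200
!
interface TenGigabitEthernet 2/3
 dot1x authentication
 dot1x auth-fail-vlan 10
"""
DEFAULT_MAX_ATTEMPTS = 3       # default stated in the text above
RESTRICTED_VLANS = {100, 200}  # assumption: VLANs the site treats as restricted
GUEST_RE = re.compile(r"dot1x guest-vlan (\d+)$")
FAIL_RE = re.compile(r"dot1x auth-fail-vlan (\d+)(?: max-attempts (\d+))?$")

def parse_ports(config):
    """Map interface name -> 802.1X settings, for ports with dot1x authentication."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line[len("interface "):], {})
        elif line == "!":
            cur = None  # stanza separator: following lines belong to no interface
        elif cur is not None:
            if line == "dot1x authentication":
                cur["dot1x"] = True
            elif m := GUEST_RE.match(line):
                cur["guest"] = int(m.group(1))
            elif m := FAIL_RE.match(line):
                cur["auth_fail"] = int(m.group(1))
                cur["max_attempts"] = int(m.group(2) or DEFAULT_MAX_ATTEMPTS)
    return {n: p for n, p in ports.items() if p.get("dot1x")}

def audit(config, restricted=RESTRICTED_VLANS):
    """Return (interface, finding) pairs for ports whose fallback VLANs break policy."""
    findings = []
    for name, p in parse_ports(config).items():
        if p.get("auth_fail") is None:
            findings.append((name, "no auth-fail VLAN configured"))
        elif p["auth_fail"] not in restricted:
            findings.append((name, f"auth-fail VLAN {p['auth_fail']} not restricted"))
        if p.get("guest") not in (None, *restricted):
            findings.append((name, f"guest VLAN {p['guest']} not restricted"))
    return findings
```

Run audit() over a saved configuration and review each finding against the VLAN plan; an unset max-attempts is reported with the default of 3.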
View your configuration using the command show config from INTERFACE mode, as shown in the
example in Configuring a Guest VLAN, or using the command show dot1x interface from EXEC
Privilege mode, as shown in the example below.
FTOS(conf-if-Te 2/1)#dot1x port-control force-authorized
FTOS(conf-if-Te 2/1)#show dot1x interface TenGigabitEthernet 2/1
802.1x information on Te 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disabled
Guest VLAN id: 200
Auth-Fail VLAN: Disabled