Advertisement
dot1x auth-fail-vlan
c e s
Configure a authentication failure VLAN for users and devices that fail 802.1X authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id
[max-attempts number] command.
Parameters
vlan-id
max-attempts number
Defaults
3 attempts
Command Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
Version 7.6.1.0
History
Usage
If the host responds to 802.1X with an incorrect login/password, the login fails. The switch will
Information
attempt to authenticate again until the maximum attempts configured is reached. If the authentication
fails after all allowed attempts, the interface is moved to the authentication failed VLAN.
Once the authentication VLAN is assigned, the port-state must be toggled to restart authentication.
Authentication will occur at the next re-authentication interval
Related
dot1x port-control
Commands
dot1x guest-vlan
show dot1x interface
dot1x auth-server
c e s
Configure the authentication server to RADIUS.
Syntax
dot1x auth-server radius
Defaults
No default behavior or values
Command Modes
CONFIGURATION
Command
Version 7.6.1.0
History
Version 7.4.1.0
Enter the VLAN Identifier.
Range: 1 to 4094
(OPTIONAL) Enter the keyword
attempts desired before authentication fails.
Range: 1 to 5
Default: 3
Introduced on C-Series, E-Series and S-Series
Enable port-control on an interface
Configure a guest VLAN for non-dot1x devices
Display the 802.1X information on an interface
Introduced on C-Series and S-Series
Introduced on E-Series
max-attempts
followed number of
(dot1x
reauthentication).
Security | 1305
Advertisement
