Dell Force10 TeraScale E Series Reference Manual page 1306

Ftos command line, ftos 8.4.2.7

dot1x guest-vlan

Command Modes

dot1x max-eap-req

Configure a guest VLAN for limited access users or for devices that are not 802.1X capable.

dot1x guest-vlan vlan-id

To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.

Enter the VLAN Identifier.

Range: 1 to 4094

Not configured

CONFIGURATION (conf-if-interface-slot/port)

Version 7.6.1.0

Introduced on C-Series, E-Series, and S-Series

802.1X authentication is enabled when an interface is connected to the switch. If the host fails to

respond within a designated amount of time, the authenticator places the port in the guest VLAN.

If a device does not respond within 30 seconds, it is assumed that the device is not 802.1X capable.

Therefore, a guest VLAN is allocated to the interface and authentication, for the device, will occur at

the next re-authentication interval

If the host fails authentication for the designated amount of times, the authenticator places the port in

authentication failed VLAN

Layer 3 portion of guest VLAN and authentication fail VLANs can be created

regardless if the VLAN is assigned to an interface or not. Once an interface is assigned a guest

VLAN (which has an IP address), then routing through the guest VLAN is the same as any

other traffic. However, interface may join/leave a VLAN dynamically.

dot1x auth-fail-vlan

Configure a VLAN for authentication failures

dot1x reauthentication

Enable periodic re-authentication

show dot1x interface

Display the 802.1X information on an interface

Configure the maximum number of times an EAP (Extensive Authentication Protocol) request is

transmitted before the session times out.

dot1x max-eap-req number

To return to the default, use the no dot1x max-eap-req command.

Enter the number of times an EAP request is transmitted before a session time-out.

Range: 1 to 10

reauthentication).

auth-fail-vlan).