Configuring A Guest Vlan; Configuring An Authentication-Fail Vlan - Dell S4820T Configuration Manual
Hide thumbs
Also See for S4820T:
- Manual (60 pages) ,
- Installation manual (59 pages) ,
- Configuration manual (1128 pages)
Table of Contents
Advertisement
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases
this behavior is not appropriate. External users of an enterprise network, for example, might not be able
to be authenticated, but still need access to the network. Also, some dumb-terminals, such as network
printers, do not have 802.1X capability and therefore cannot authenticate themselves. To be able to
connect such devices, they must be allowed access the network without compromising network security.
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices
and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
•
If the supplicant fails authentication a specified number of times, the authenticator places the port in
the Authentication-fail VLAN.
•
If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of
the Guest VLAN and the authentication process begins.
Configuring a Guest VLAN
If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period, the
system assumes that the host does not have 802.1X capability and the port is placed in the Guest VLAN.
NOTE: For more information about configuring timeouts, refer to
Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using
the dot1x guest-vlan command from INTERFACE mode. View your configuration using the show
config command from INTERFACE mode or using the show dot1x interface command from EXEC
Privilege mode.
Example of Viewing Guest VLAN Configuration
Dell(conf-if-Te-2/1)#dot1x guest-vlan 200
Dell(conf-if-Te 2/1))#show config
!
interface TenGigabitEthernet 2/1
switchport
dot1x guest-vlan 200
no shutdown
Dell(conf-if-Te 2/1))#
Configuring an Authentication-Fail VLAN
If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified
amount of time.
NOTE: For more information about authenticator re-attempts, refer to
after a Failed
Authentication.
You can configure the maximum number of times the authenticator re-attempts authentication after a
failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
Configure a port to be placed in the VLAN after failing the authentication process as specified number of
times using the dot1x auth-fail-vlan command from INTERFACE mode. Configure the maximum
number of authentication attempts by the authenticator using the keyword max-attempts with this
command.
122
Configuring
Timeouts.
Configuring a Quiet Period
802.1X
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
