Chapter 8
| Authentication Commands
802.1X Port Authentication
Authenticator Commands
dot1x intrusion-action
Command Mode
Global Configuration
Example
Console(config)#dot1x system-auth-control
Console(config)#
This command sets the port's response to a failed authentication, either to block all
traffic, or to assign all traffic for the port to a guest VLAN. Use the no form to reset
the default.
Syntax
dot1x intrusion-action {block-traffic | guest-vlan}
no dot1x intrusion-action
block-traffic - Blocks traffic on this port.
guest-vlan - Assigns the user to the Guest VLAN.
Default
block-traffic
Command Mode
Interface Configuration
Command Usage
◆
For guest VLAN assignment to be successful, the VLAN must be configured and
set as active (see the
for the port (see the
◆
A port can only be assigned to the guest VLAN in case of failed authentication,
if switchport mode is set to Hybrid.
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x intrusion-action guest-vlan
Console(config-if)#
vlan database
command) and assigned as the guest VLAN
network-access guest-vlan
– 258 –
command).