802. 1 X Commands
78-21075-01 Command Line Interface Reference Guide
Use the no form of this command to disable user-based VLAN assignment.
Syntax
dot1x radius-attributes vlan [reject |
no dot1x radius-attributes vlan
Parameters
•
reject—If the RADIUS server authenticated the supplicant, but did not
provide a supplicant VLAN, the supplicant is rejected. If the parameter is
omitted, this option is applied by default.
•
vlan-id—If the RADIUS server authenticated the supplicant, but did not
provide a supplicant VLAN, the supplicant is accepted, and the configured
VLAN is assigned to the supplicant.
Default Configuration
Disabled
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
The configuration of this command is allowed only when the port is Forced
Authorized.
RADIUS attributes are supported only in Multiple Sessions mode (multiple hosts
with authentication)
When RADIUS attributes are enabled and the RADIUS accept message does not
contain the supplicant's VLAN as an attribute, the supplicant is rejected.
Packets to the supplicant are sent untagged.
After successful authentication, the port remains a member in the unauthenticated
VLANs and in the guest VLAN. Other static VLAN configurations are not applied on
the port.
vlan-id
]
22
343