From: Ivan (ivan@iip.net)
Date: Fri Jan 05 2007 - 20:20:11 ART
Think that you missed up about failed authorization. Failed authorization and
client dont have dot1x support is differ each other.
dot1x auth-fail vlan 55 - for client wich failed auth proccess
dot1x guest vlan 11 - for client wich not dot1x-capable
also you don't allowed using auth server.
May be need something like this
aaa authentication login def local
aaa authorization netw def if-auth
On Saturday 06 January 2007 02:00, Noel Debouver III wrote:
> Configure F0/1 for authorization clients with dot1x. Interface must be in
> unauthorized mode. If client is failed authorization, then he must be in
> VLAN_55
> Users don"t have dot1x also must be in VLAN_11 NOTE: you are not
> allowed to configure aaa authentication server for this task.
>
> I'm thinking:
> dot1x system-auth-control
> dot1 guest-vlan supplicant
>
> aaa new-model
> aaa
> authentication login default none
> aaa authentication dot1x default group
> radius
>
> int F0/1
> dot1x port control auto
> dot1x guest-vlan 11
>
>
> What I am
> asking is would you interpret the question the same way? Why or why not?
> Would you configure it differently, why or why not?
>
> Your help would be
> appreciated.
>
> __________________________________________________
> Do You
> Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:55 ART