Re: Guest Vlan

From: Lou Ioanni (louisccie_r_s@yahoo.com)
Date: Fri Feb 23 2007 - 13:01:47 ART

• Next message: Muhabat: "OSPF: Best book"
• Previous message: Rick Shafer \(rishafer\): "RE: BGP --neighbor x.x.x.x next-hop-self"
• Maybe in reply to: Zheng Ma: "Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I do not think is going to work without the "dot1x port control auto". That command will try to authenticate your PC when you connect and then when is detected that your PC has no supplicant it will be connected to the Guest vlan. You might have to manipulate some timers so that it does not take long for guest to get connectivity.....otherwise it might take more than 30 secs for guests to get connectivity.
   
  Just curious, are you also using dynamic vlans/and ACLs? Is your ACS radius using external database? Are you using any supplicants for non-guests?
   
  Thanks,
   
  Loizos Y.
  CCIE#10702 R & S

Zheng Ma <zheng.ma.f@gmail.com> wrote:
  Hi, Can someone provide the correct answer on Guest vlan with authentication
radius server

aaa new-model
authentication login default none
aaa authentication dot1x default group radius

dot1x system-auth-control
dot1 guest-vlan supplicant

radius-server host 182.1.1.100

when I apply to the interface, do I need both commands below, or just
"dot1x guest-vlan 110"

dot1x port control auto
dot1x guest-vlan 110

Regards,

• Next message: Muhabat: "OSPF: Best book"
• Previous message: Rick Shafer \(rishafer\): "RE: BGP --neighbor x.x.x.x next-hop-self"
• Maybe in reply to: Zheng Ma: "Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART