Re: dot1x guest-vlan supplicant

From: Serhat Aslan (serhatworks@gmail.com)
Date: Tue Jul 03 2007 - 21:21:05 ART

• Next message: Mike Kraus \(mikraus\): "RE: dot1x guest-vlan supplicant"
• Previous message: louis john: "dot1x guest-vlan supplicant"
• Maybe in reply to: louis john: "dot1x guest-vlan supplicant"
• Next in thread: Mike Kraus \(mikraus\): "RE: dot1x guest-vlan supplicant"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi John,

  AFAIK, at your configuration you must enable the dot1x for the interfaces
with the dot1 port-control auto.

 A real life case:
I saw different behaviors for 3550,3560 for assigning the guest vlan when
trying to setup non-authenticated case. With the same configurations, on
these switches we took different result. If I am not wrong, the main problem
was the unauthenticated-switch port states. After the 3 fails/timeouts one
of the switch port state was assigned its self to guestvlan without a
problem with the same configuration, the other switch port-state was not
functional due to err-disable/or-I_forgot ;).
 good luck !
Serhat Aslan

On 7/4/07, louis john <west_coast@inbox.com> wrote:
>
> Folks,
>
> Can you please correct my answer to the following question :
>
> I have IEEE clients connected to my switch port, I am trying to
> authenticate them through DOT1X protocol using radius server, I want to put
> the unauthenticated clients in the guest vlan 345
>
> My config
> aaa new-model
> authentication login default none
> aaa authentication dot1x default group radius
>
> dot1x system-auth-control
>
> interface range f1/0/1 - 48
> switchport mode access
> dot1x guest-vlan 345
>
> Now should I have to also mention "dot1x guest-vlan supplicant" in the
> global configuration as this is a hidden command in 3750 switches as we
> usually do on 3550 switches.
>
> Now I believe that if I put this command, then the Unauthenticated IEEE
> capable clients will be moved to guest vlan.
>
> I appreciate your feedback.
>
> ____________________________________________________________
> GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at
> http://www.inbox.com/smileys
> Works with AIMB., MSNB. Messenger, Yahoo!B. Messenger, ICQB., Google Talkb
> " and most webmails
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mike Kraus \(mikraus\): "RE: dot1x guest-vlan supplicant"
• Previous message: louis john: "dot1x guest-vlan supplicant"
• Maybe in reply to: louis john: "dot1x guest-vlan supplicant"
• Next in thread: Mike Kraus \(mikraus\): "RE: dot1x guest-vlan supplicant"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:39 ART