Re: dot1x & Guest VLAN

From: slevin kremera (slevin.kremera@gmail.com)
Date: Thu Oct 11 2007 - 06:15:15 ART


What is the purpose of this command?

dot1x auth-fail vlan 100

On 5/10/07, Rob McDonald <robmexpert@gmail.com> wrote:
>
> Hello,
>
> Thanks for the reply... Once again I'm trying to configure "I'm trying to
> set-up 802.1x based guest vlan authentication using a radius server @
> 100.100.1.100 and password CCIE. Is this the right way to achieve this"
>
> aaa new-model
> aaa authentication dot1x default group radius
>
> aaa authentication login VTY line
> aaa authentication login CONN none
>
> radius-server host 100.100.1.100
> radius-server key CCIE
>
> dot1x system-auth-control
> dot1x guest-vlan supplicant
>
> interface range fa0/10-13
> switchport mode access
> dot1x port-control auto
> dot1x guest-vlan 100
> dot1x auth-fail vlan 100
>
> line con 0
> login authentication CONN
>
> line vty 0 4
> login authentication VTY
>
> On 5/9/07, Edison Ortiz <edisonmortiz@gmail.com> wrote:
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225see/scg/sw8021x.htm
> > Before Cisco IOS Release 12.2(25)SE, the switch did not maintain the EAPOL
> > packet history and allowed clients that failed authentication access to the
> > guest VLAN, regardless of whether EAPOL packets had been detected on the
> > interface. You can enable this optional behavior by using the dot1x
> > guest-vlan supplicant global configuration command. However, in Cisco IOS
> > Release 12.2(25)SEE, the dot1x guest-vlan supplicant global configuration
> > command is no longer supported. Use a restricted VLAN to allow clients that
> > failed authentication access to the network by entering the dot1x auth-fail
> > vlan vlan-id interface configuration command.
> >
> > ______________________________
> >
> > Keep in mind, when enabling aaa new-model - you need to disable
> > authentication for the vty lines and console
> > port.
> >
> > ----- Original Message -----
> > From: "Rob McDonald" <robmexpert@gmail.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Wednesday, May 09, 2007 4:23 AM
> > Subject: dot1x & Guest VLAN
> >
> >
> > > Hello group,
> > >
> > > I'm trying to set-up 802.1x based guest vlan authentication using a radius
> > > server @ 100.100.1.100 and password CCIE. Is this the right way to achieve
> > > this:
> > >
> > > aaa new-model
> > > aaa authentication dot1x default group radius
> > >
> > > radius-server host 100.100.1.100
> > > radius-server key CCIE
> > >
> > > dot1x guest-vlan supplicant
> > > dot1x system-auth-control
> > >
> > > interface range fa0/10-13
> > > switchport mode access
> > > dot1x port-control auto
> > > dot1x guest-vlan 100
> > >
> > > Also is it mandatory to use the command "dot1x guest-vlan supplicant"?
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Rob
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html

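Added example, not part of the original thread: a small Python check over an IOS-style configuration that keeps apart the two fallback VLANs discussed above (the guest VLAN, used when no 802.1X supplicant answers on the port, and the auth-fail VLAN, used when a client fails authentication) and flags the `dot1x guest-vlan supplicant` command that the quoted Cisco text says is unsupported from 12.2(25)SEE. The function names, finding codes and the rule for where an interface block ends are assumptions of this example.

```python
import re
# Constructed input: the dot1x-related lines from Rob's second message.
SAMPLE = """\
dot1x system-auth-control
dot1x guest-vlan supplicant
interface range fa0/10-13
switchport mode access
dot1x port-control auto
dot1x guest-vlan 100
dot1x auth-fail vlan 100
"""

def parse(config):
    """Return (global lines, {interface: [lines]}); assumes a block ends at a blank line, '!' or 'line ...'."""
    globals_, blocks, current = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if not line or line == "!" or line.startswith("line "):
            current = None
        elif line.startswith("interface "):
            current = blocks.setdefault(line[len("interface "):], [])
        elif current is not None:
            current.append(line)
        else:
            globals_.append(line)
    return globals_, blocks

def vlan_id(lines, prefix):
    m = re.search(rf"^{re.escape(prefix)} (\d+)$", "\n".join(lines), re.M)
    return int(m.group(1)) if m else None

def audit(config):
    """Return a list of (scope, finding-code) tuples (codes are hypothetical)."""
    globals_, blocks = parse(config)
    findings = []
    if "dot1x guest-vlan supplicant" in globals_:
        # Per the quoted Cisco text: not supported from 12.2(25)SEE.
        findings.append(("global", "guest-vlan-supplicant-unsupported"))
    for name, lines in blocks.items():
        guest, fail = vlan_id(lines, "dot1x guest-vlan"), vlan_id(lines, "dot1x auth-fail vlan")
        if "dot1x port-control auto" not in lines:
            continue  # port is not doing 802.1X
        if "dot1x system-auth-control" not in globals_:
            findings.append((name, "dot1x-not-enabled-globally"))
        if guest is not None and fail is None:
            # Clients that fail authentication have no restricted VLAN.
            findings.append((name, "no-auth-fail-vlan"))
        if guest is not None and guest == fail:
            findings.append((name, "guest-and-auth-fail-share-vlan"))
    return findings
```

On the sample, the last finding is a design observation for review: with both commands pointing at VLAN 100, devices without a supplicant and clients that failed authentication end up in the same VLAN.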


This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:13 ART