From: Tarun Pahuja (pahujat@gmail.com)
Date: Fri Nov 09 2007 - 11:13:52 ART
Ashu,
If you want Dot1x to do its job, you would have to put the port in
"dot1x port-control Auto" mode. You have to use Radius to communicate with
the authentication server, IETF Radius has unique attributes that facilitate
Dot1x proper functioning. In an even the client fails the authentication
process, you can always configure a Auth-fail Vlan for the client to fall
into.
Switch(config-if)# dot1x auth-fail vlan 2
In this configuration the client would be put in vlan 2 if it fails the
authentication process.
HTH,
Tarun
On Nov 9, 2007 7:41 AM, ash tech <sordaf47@yahoo.com> wrote:
> Hi all,
>
> I have a confusion in dot1x.
>
> If I am asked that the interface will be in unauthorised mode in beginning
> and if the client fails authentication, it should escape to certain vlan.
>
> Do I need to configure the command?
>
> dot1x port-control force-unauthorized
>
> When should I configure a radius server??
>
> Ashu
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART