RE: dot1x unauthorised mode

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Fri Nov 09 2007 - 12:21:38 ART

• Next message: boonchin .ng: "Re: Problem with Extension Mobility - CCM4"
• Previous message: Joseph Saad: "Re: dot1x unauthorised mode"
• Maybe in reply to: ash tech: "dot1x unauthorised mode"
• Next in thread: Sadiq Yakasai: "Re: dot1x unauthorised mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From a 3550

interface FastEthernet0/3
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x guest-vlan 33
 dot1x auth-fail vlan 33
 wrr-queue bandwidth 30 20 10 10

so auth-fail does indeed exist. And per the doc cd it can be the same vlan
as the guest vlan

-Joe

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph Saad
Sent: Friday, November 09, 2007 9:45 AM
To: Mohamed Radwan
Cc: Tarun Pahuja; ash tech; ccielab@groupstudy.com
Subject: Re: dot1x unauthorised mode

It does exist. port need to be in access mode.

On Nov 9, 2007 6:23 PM, Mohamed Radwan <abobakr.mohamed@gmail.com> wrote:
> Hi Tarun, All,
>
> I think the command
> Switch(config-if)# dot1x auth-fail vlan 2
>
> is not supported in 3550, can any one confirm this ?
>
> Best Regards,
> Mohamed
>
>
> On 11/9/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> >
> > Ashu,
> > If you want Dot1x to do its job, you would have to put the port
in
> > "dot1x port-control Auto" mode. You have to use Radius to communicate
with
> > the authentication server, IETF Radius has unique attributes that
> > facilitate
> > Dot1x proper functioning. In an even the client fails the authentication
> > process, you can always configure a Auth-fail Vlan for the client to
fall
> > into.
> >
> > Switch(config-if)# dot1x auth-fail vlan 2
> > In this configuration the client would be put in vlan 2 if it fails the
> > authentication process.
> >
> > HTH,
> > Tarun
> >
> >
> >
> >
> > On Nov 9, 2007 7:41 AM, ash tech <sordaf47@yahoo.com> wrote:
> >
> > > Hi all,
> > >
> > > I have a confusion in dot1x.
> > >
> > > If I am asked that the interface will be in unauthorised mode in
> > beginning
> > > and if the client fails authentication, it should escape to certain
> > vlan.
> > >
> > > Do I need to configure the command?
> > >
> > > dot1x port-control force-unauthorized
> > >
> > > When should I configure a radius server??
> > >
> > > Ashu
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Tired of spam? Yahoo! Mail has the best spam protection around
> > > http://mail.yahoo.com
> > >
> > >

• Next message: boonchin .ng: "Re: Problem with Extension Mobility - CCM4"
• Previous message: Joseph Saad: "Re: dot1x unauthorised mode"
• Maybe in reply to: ash tech: "dot1x unauthorised mode"
• Next in thread: Sadiq Yakasai: "Re: dot1x unauthorised mode"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART