Dot1X Guest Vlan

From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Sat Oct 04 2008 - 16:29:05 ART

• Next message: Osamah Shaheen: "RE: NBAR"
• Previous message: nouman abbasi: "Re: PPP over frame-realy"
• Next in thread: Ali Mousawi: "Re: Dot1X Guest Vlan"
• Maybe reply: Ali Mousawi: "Re: Dot1X Guest Vlan"
• Maybe reply: Sadiq Yakasai: "Re: Dot1X Guest Vlan"
• Maybe reply: GAURAV MADAN: "Re: Dot1X Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group

I went through the doc for guest vlan and has created some confusion
in my mind . I dont have setup for dot1x capable devices to actually
go and test whats happening .. Appreciate if someone can help me

1) I am using 12.2(25)SE and later . and I have "dot1x guest-vlan
supplicant" enabled so that IOS maintains history.
2) If I give following :

switchport access vlan 4
dot1x port-control auto
dot1x guest-vlan 2

As far as I know ; if non Dot1x capable devices connect to switchport
they will be placed in guest vlan 2 ( am i right ?)

What will happen if Dot1X capable device connects to port and fails
authentication ? what Vlan will this be put in ( please note that i
have not used the cli "dot1x auth-fail" )

Bascially I want to know the behaviour in cases where authebtication
fails Vs where authentication is not possible ?
Can we move authentication failed clients to guest vlan ?

Thnx in advance
Gaurav Madan

Blogs and organic groups at http://www.ccie.net

• Next message: Osamah Shaheen: "RE: NBAR"
• Previous message: nouman abbasi: "Re: PPP over frame-realy"
• Next in thread: Ali Mousawi: "Re: Dot1X Guest Vlan"
• Maybe reply: Ali Mousawi: "Re: Dot1X Guest Vlan"
• Maybe reply: Sadiq Yakasai: "Re: Dot1X Guest Vlan"
• Maybe reply: GAURAV MADAN: "Re: Dot1X Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST