Re: Dot1X Guest Vlan

From: Ali Mousawi (mousawi.ali@gmail.com)
Date: Sat Oct 04 2008 - 17:30:05 ART

• Next message: Ali Mousawi: "Re: NBAR"
• Previous message: Osamah Shaheen: "RE: NBAR"
• Maybe in reply to: GAURAV MADAN: "Dot1X Guest Vlan"
• Next in thread: Sadiq Yakasai: "Re: Dot1X Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello Gaurav,

Check this from the DocCD

You can configure a restricted VLAN (also referred to as an *authentication
failed VLAN*) for each IEEE 802.1x port on a switch to provide limited
services to clients that cannot access the guest VLAN. These clients are
IEEE 802.1x-compliant and cannot access another VLAN because they fail the
authentication process. A restricted VLAN allows users without valid
credentials in an authentication server (typically, visitors to an
enterprise) to access a limited set of services. The administrator can
control the services available to the restricted VLAN.
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/sw8021x.html#wp1176660

HTH

On Sat, Oct 4, 2008 at 12:29 PM, GAURAV MADAN <gauravmadan1177@gmail.com>wrote:

> Hi Group
>
> I went through the doc for guest vlan and has created some confusion
> in my mind . I dont have setup for dot1x capable devices to actually
> go and test whats happening .. Appreciate if someone can help me
>
> 1) I am using 12.2(25)SE and later . and I have "dot1x guest-vlan
> supplicant" enabled so that IOS maintains history.
> 2) If I give following :
>
> switchport access vlan 4
> dot1x port-control auto
> dot1x guest-vlan 2
>
> As far as I know ; if non Dot1x capable devices connect to switchport
> they will be placed in guest vlan 2 ( am i right ?)
>
> What will happen if Dot1X capable device connects to port and fails
> authentication ? what Vlan will this be put in ( please note that i
> have not used the cli "dot1x auth-fail" )
>
> Bascially I want to know the behaviour in cases where authebtication
> fails Vs where authentication is not possible ?
> Can we move authentication failed clients to guest vlan ?
>
> Thnx in advance
> Gaurav Madan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Ali Mousawi: "Re: NBAR"
• Previous message: Osamah Shaheen: "RE: NBAR"
• Maybe in reply to: GAURAV MADAN: "Dot1X Guest Vlan"
• Next in thread: Sadiq Yakasai: "Re: Dot1X Guest Vlan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:19 ARST