Guest-vlan

From: CCIE To Be (ccie.tobe81@gmail.com)
Date: Tue Jan 06 2009 - 17:51:32 ARST


Hi Group,

Do we need to configure *dot1x guest-vlan supplicant* on 3560/3550 for
implementing dot1x? As per the Doc CD for both 3560 & 3550:

******************************

Before Cisco IOS Release 12.2(25)SE, the switch did not maintain the EAPOL
packet history and allowed clients that failed authentication access to the
guest VLAN, regardless of whether EAPOL packets had been detected on the
interface. You can enable this behavior by using the *dot1x guest-vlan
supplicant* global configuration command.

In Cisco IOS Release 12.2(25)SEE and later, if devices send EAPOL packets to
the switch during the lifetime of the link, the switch no longer allows
clients that fail authentication access to the guest VLAN.

******************************

What is the recommendation for configuring the guest-vlan supplicant command on
both platforms? Kindly shed some light on the use of auth-fail with
guest-vlan. Is it true that if we configure guest-vlan on the 3550, then
auth-fail functionality will be automatically enabled, meaning a host which fails
authentication would also go into the guest VLAN?

Waiting for your comments.

HTH
