(Was writing this when I saw Ryan's response ;-))
In an odd way ... it kind of makes sense to me.
Multi-host mode says that when any one single client, out of the many
clients available, authenticates on the port, then authorize and enable the
port on the network.
The auth-fail command is saying that when a client fails authentication,
they should be placed into a particular vlan. These two are not
complementary to each other since they could 'override' each other. Makes
sense?
Mr League, does the task ask you to support clients who do not support
dot1x? Or not when they fail auth? etc ... Just curious as to what the
task is asking for.
HTH,
Andrew Lee Lissitz
On Sun, Aug 23, 2009 at 6:37 PM, Ryan West <rwest_at_zyedge.com> wrote:
> Configuration guide is your friend:
>
>
> http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/sw8021x.html#wp1179086
>
> It makes sense when you think about what it's trying to accomplish.
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Darby Weaver
> Sent: Sunday, August 23, 2009 6:27 PM
> To: CCIE League
> Cc: CCIEGS
> Subject: Re: Dot1x Auth-Fail-Vlan is not supported on multi-host mode
>
> What version of IOS?
>
> I recall configuring this using multi-host without getting errors?
>
> On Sun, Aug 23, 2009 at 3:56 PM, CCIE League <ccieleague_at_ymail.com> wrote:
>
> > I am getting the following message when setting Auth fail VLAN where I have
> > to config multi-host support also.
> >
> >
> >
> > SW1(config-if)#dot1x auth-fail vlan 99
> >
> > Command rejected: Port is in multi-host mode
> >
> > Dot1x Auth-Fail-Vlan is not supported on multi-host mode
> >
> >
> > --------Config --------------
> > aaa new-model
> > aaa authentication dot1x default group radius
> >
> > dot1x system-auth-control
> > dot1x guest-vlan supplicant
> > !
> > interface FastEthernet0/14
> > switchport mode access
> > dot1x port-control auto
> > dot1x host-mode multi-host
> > dot1x guest-vlan 99
> > spanning-tree portfast
> >
> > ------------------------------------------------
> >
> >
> >
> >
> > Thanks for your help...
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
--
Andrew Lee Lissitz
all.from.nj_at_gmail.com

Received on Sun Aug 23 2009 - 18:45:20 ART
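
An offline check for the combination the switch rejects in this thread, added here as an example (not code from any poster or from Cisco): it scans IOS-style config text for interfaces that carry both `dot1x host-mode multi-host` and `dot1x auth-fail vlan`. The function names and the sample config are constructed, and it assumes sub-commands are indented as in `show running-config` output.

```python
# Constructed sample: the interface from the thread with the rejected command
# added, plus a second port that has no multi-host line, for contrast.
SAMPLE_CONFIG = """\
interface FastEthernet0/14
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x guest-vlan 99
 dot1x auth-fail vlan 99
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport mode access
 dot1x port-control auto
 dot1x auth-fail vlan 99
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw[:1].isspace() and current is not None:
            # Indented line: belongs to the current stanza; normalise spacing.
            current.append(" ".join(raw.split()))
        else:
            # "!" or any other top-level line closes the stanza.
            current = None
    return interfaces


def find_conflicts(config):
    """List (interface, command) pairs that set an auth-fail VLAN in multi-host mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        multi_host = "dot1x host-mode multi-host" in cmds
        auth_fail = [c for c in cmds if c.startswith("dot1x auth-fail vlan ")]
        if multi_host and auth_fail:
            findings.append((name, auth_fail[0]))
    return findings


if __name__ == "__main__":
    for name, cmd in find_conflicts(SAMPLE_CONFIG):
        print(f"{name}: '{cmd}' conflicts with 'dot1x host-mode multi-host'")
```
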
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART