Re: Dot1x Auth-Fail-Vlan is not supported on multi-host mode

From: CCIE League <ccieleague_at_ymail.com>
Date: Sun, 23 Aug 2009 23:09:59 +0000 (GMT)

Thanks... still trying to fig out.... thanks Ryan for the doc...

Q says
multiple hosts connected to this interface f0/14.
Hosts failing "authorisation" should go to vlan 99, also hosts without dot1x support go to vlan 99

 

________________________________
From: ALL From_NJ <all.from.nj_at_gmail.com>
To: Ryan West <rwest_at_zyedge.com>
Cc: Darby Weaver <darby.weaver_at_gmail.com>; CCIE League <ccieleague_at_ymail.com>; CCIEGS <ccielab_at_groupstudy.com>
Sent: Sunday, 23 August, 2009 23:45:20
Subject: Re: Dot1x Auth-Fail-Vlan is not supported on multi-host mode

(Was writing this when I saw Ryan's response ;-))

In an odd way ... it kind of makes sense to me.

Multi-host mode says that when any one single client, out of the many
clients available, authenticates on the port, then authorize and enable the
port on the network.

The auth-fail command is saying that when a client fails authentication,
they should be placed into a particular vlan. These two are not
complementary to each other since they could 'override' each other.
Makes sense?

Mr League, does the task ask you to support clients who do not support
dot1x? Or not when they fail auth? etc ... Just curious as to what the
task is asking for.

HTH,

Andrew Lee Lissitz

On Sun, Aug 23, 2009 at 6:37 PM, Ryan West <rwest_at_zyedge.com> wrote:

>Configuration guide is your friend:
>
>http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/sw8021x.html#wp1179086
>
>It makes sense when you think about what it's trying to accomplish.
>
>-ryan
>
>
>-----Original Message-----
>From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Darby Weaver
>Sent: Sunday, August 23, 2009 6:27 PM
>To: CCIE League
>Cc: CCIEGS
>Subject: Re: Dot1x Auth-Fail-Vlan is not supported on multi-host mode
>
>What version of IOS?
>
>I recall configuring this using multi-host without getting errors?
>
>On Sun, Aug 23, 2009 at 3:56 PM, CCIE League <ccieleague_at_ymail.com> wrote:
>
>> I am getting the following message when setting Auth fail VLAN where I have
>> to config multi-host support also.
>>
>> SW1(config-if)#dot1x auth-fail vlan 99
>>
>> Command rejected: Port is in multi-host mode
>>
>> Dot1x Auth-Fail-Vlan is not supported on multi-host mode
>>
>> --------Config --------------
>> aaa new-model
>> aaa authentication dot1x default group radius
>>
>> dot1x system-auth-control
>> dot1x guest-vlan supplicant
>> !
>> interface FastEthernet0/14
>> switchport mode access
>> dot1x port-control auto
>> dot1x host-mode multi-host
>> dot1x guest-vlan 99
>> spanning-tree portfast
>>
>> ------------------------------------------------
>>
>> Thanks for your help...
>>
>> Blogs and organic groups at http://www.ccie.net
>>
Received on Sun Aug 23 2009 - 23:09:59 ART
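
An added example, not part of any message in this thread: a small Python audit of IOS-style configuration text that reports ports in multi-host mode and flags the `dot1x auth-fail vlan` combination the switch rejected above. The function names, the indentation-based parser and the FastEthernet0/15 and 0/16 blocks are assumptions constructed for illustration; only the Fa0/14 commands come from the thread.

```python
import re

# Constructed sample. Fa0/14 is the port from the thread; Fa0/15 and Fa0/16
# are hypothetical ports added to exercise the check.
SAMPLE_CONFIG = """\
interface FastEthernet0/14
 switchport mode access
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x guest-vlan 99
!
interface FastEthernet0/15
 dot1x port-control auto
 dot1x host-mode multi-host
 dot1x auth-fail vlan 99
!
interface FastEthernet0/16
 dot1x port-control auto
 dot1x auth-fail vlan 99
"""

def split_interfaces(config):
    """Return {interface: [sub-commands]}; assumes sub-commands are indented."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith((" ", "\t")) and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_dot1x(config):
    """Return (interface, finding) pairs for ports in dot1x multi-host mode."""
    findings = []
    for name, cmds in split_interfaces(config).items():
        if "dot1x host-mode multi-host" not in cmds:
            continue  # auth-fail VLAN on a non-multi-host port is not flagged
        findings.append((name, "multi-host: one authenticated client opens the port"))
        for cmd in cmds:
            if re.match(r"^dot1x auth-fail vlan \d+$", cmd):
                findings.append((name, f"'{cmd}' is rejected in multi-host mode"))
    return findings
```
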

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART