HI League
Again, as others have mentioned, I would definately seek clarification from
the vendor.
It would not be the 1st time there was a typo in a task, or the task is
worded incorrectly.
An example like this certainly shows how essential it is to read & know the
doccd.
I have a lot more reading to do myself in that regard.
Regards
Roy
2009/8/24 CCIE League <ccieleague_at_ymail.com>
> Thanks... still trying to fig out.... thanks Ryan for the doc...
>
> Q says
> multiple hosts connected to this interface f0/14.
> Hosts fialing
> "authorisation" should go to vlan 99 also hosts without dot1x support goto
> vlan 99
>
>
>
>
>
>
>
> ________________________________
> From: ALL From_NJ
> <all.from.nj_at_gmail.com>
> To: Ryan West <rwest_at_zyedge.com>
> Cc: Darby Weaver
> <darby.weaver_at_gmail.com>; CCIE League <ccieleague_at_ymail.com>; CCIEGS
> <ccielab_at_groupstudy.com>
> Sent: Sunday, 23 August, 2009 23:45:20
> Subject: Re:
> Dot1x Auth-Fail-Vlan is not supported on multi-host mode
>
> (Was writing this
> when I saw Ryan's response ;-))
>
> In an odd way ... it kind of makes sense to
> me.
>
> Multi-host mode says that when any one single client, out of the many
> clients available, authenticates on the port, then authorize and enable the
> port on the network.
>
> The auth-fail command is saying that when a client
> fails authentication, they should be placed into a particular vlan. These
> two
> are not complimentary to each other since they could 'over ride' each
> other.
> Makes sense?
>
> Mr League, does the task ask you to support clients who do not
> support dot1x? Or not when they fail auth? etc ... Just curious as to
> what
> the task is asking for.
>
> HTH,
>
> Andrew Lee Lissitz
>
>
>
>
> On Sun, Aug 23, 2009
> at 6:37 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
> Configuration guide is your
> friend:
> >
> >
> http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/r
> elease/12.2_25_see/configuration/guide/sw8021x.html#wp1179086<http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/software/r%0Aelease/12.2_25_see/configuration/guide/sw8021x.html#wp1179086>
> >
> >It makes
> sense when you think about what it's trying to accomplish.
> >
> >-ryan
> >
> >
> >-----Original Message-----
> >From: nobody_at_groupstudy.com
> [mailto:nobody_at_groupstudy.com] On Behalf Of Darby Weaver
> >Sent: Sunday, August
> 23, 2009 6:27 PM
> >To: CCIE League
> >Cc: CCIEGS
> >Subject: Re: Dot1x
> Auth-Fail-Vlan is not supported on multi-host mode
> >
> >What version of IOS?
> >
> >I recall configuring this using multi-host without getting errors?
> >
> >On Sun,
> Aug 23, 2009 at 3:56 PM, CCIE League <ccieleague_at_ymail.com> wrote:
> >
> >> I am
> getting the following message when setting Auth fail VLAN where i have
> >> to
> config multi-host support also.
> >>
> >>
> >>
> >> SW1(config-if)#dot1x auth-fail
> vlan 99
> >>
> >> Command rejected: Port is in multi-host mode
> >>
> >> Dot1x
> Auth-Fail-Vlan is not supported on multi-host mode
> >>
> >>
> >> --------Config
> --------------
> >> aaa new-model
> >> aaa authentication dot1x default group
> radius
> >>
> >> dot1x system-auth-control
> >> dot1x guest-vlan supplicant
> >> !
> >>
> interface FastEthernet0/14
> >> switchport mode access
> >> dot1x port-control
> auto
> >> dot1x host-mode multi-host
> >> dot1x guest-vlan 99
> >> spanning-tree
> portfast
> >>
> >> ------------------------------------------------
> >>
> >>
> >>
> >>
> >>
> Thanks for your help...
> >>
> >>
> >> Blogs and organic groups at
> http://www.ccie.net
> >>
> >>
> _______________________________________________________________________
> >>
> Subscription information may be found at:
> >>
> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >Blogs and organic groups at
> http://www.ccie.net
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >Blogs and organic groups at
> http://www.ccie.net
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Andrew Lee
> Lissitz
> all.from.nj_at_gmail.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Regards Roy Blogs and organic groups at http://www.ccie.netReceived on Mon Aug 24 2009 - 15:57:48 ART
This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 05:43:57 ART