Reference Guide
Usage
Information
802.1X authentication is enabled when an interface is connected to the switch. If the host fails
to respond within a designated amount of time, the authenticator places the port in the guest
VLAN.
If a device does not respond within 30 seconds, it is assumed that the device is not 802.1X
capable. Therefore, a guest VLAN is allocated to the interface and authentication for the
device occurs at the next re-authentication interval (dot1x reauthentication).
If the host fails authentication for the designated number of times, the authenticator places the
port in authentication failed VLAN (dot1x auth-fail-vlan).
NOTE: The layer 3 portion of guest VLAN and authentication fail VLANs can be created
regardless if the VLAN is assigned to an interface or not. After an interface is assigned a
guest VLAN (which has an IP address), routing through the guest VLAN is the same as any
other traffic. However, the interface may join/leave a VLAN dynamically.
Related
Commands
dot1x auth-fail-vlan — configures a VLAN for authentication failures.
dot1x reauthentication — enables periodic re-authentication.
show dot1x interface — displays the 802.1X information on an interface.
dot1x mac-auth-bypass
Enable MAC authentication bypass. If 802.1X times out because the host did not respond to the Identity Request frame,
FTOS attempts to authenticate the host based on its MAC address.
Z9000
Syntax
[no] dot1x mac-auth-bypass
Defaults Disabled
Command Modes INTERFACE
Command History
This guide is platform-specific. For command information about other platforms, refer to the
relevant
FTOS Command Line Reference Guide
.
The following is a list of the FTOS version history for this command.
Version 8.3.19.0 Introduced on the S4820T.
Version 8.3.11.4 Introduced on the Z9000.
Version 8.3.7.0 Introduced on the S4810.
Version 8.4.1.0 Introduced on the C-Series and S-Series.
Usage
Information
To disable MAC authentication bypass on a port, enter the no dot1x mac-auth-bypass
command.
1258