Reference Guide

82 | 802.1X
www.dell.com | support.dell.com
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices,
and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
If the supplicant fails authentication a specified number of times, the authenticator places the port in
the Authentication-fail VLAN.
If a port is already forwarding on the Guest VLAN when 802.1X is enabled, then the port is moved out
of the Guest VLAN, and the authentication process begins.
Configuring a Guest VLAN
If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period, see
Configuring Timeouts on page 79), the system assumes that the host does not have 802.1X capability, and
the port is placed in the Guest VLAN.
Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using
the command dot1x guest-vlan from INTERFACE mode, as shown in Figure 5-12.
Figure 5-12. Configuring a Guest VLAN
View your configuration using the command show config from INTERFACE mode, as shown in
Figure 5-12, or using the command show dot1x interface from EXEC Privilege mode, as shown
in Figure 5-14.
Configuring an Authentication-fail VLAN
If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount
of time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication on page 76).
You can configure the maximum number of times the authenticator re-attempts authentication after a
failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
Configure a port to be placed in the VLAN after failing the authentication process a specified number of
times using the command dot1x auth-fail-vlan from INTERFACE mode, as shown in Figure 5-13.
Configure the maximum number of authentication attempts by the authenticator using the keyword
max-attempts with this command.
FTOS(conf-if-gi-1/2)#dot1x guest-vlan 200
FTOS(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
switchport
dot1x guest-vlan 200
no shutdown
FTOS(conf-if-gi-1/2)#
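
The following Python example is added here and is not part of the Dell guide. It reads interface stanzas in the style of the show config output above, lists which VLANs a port can join without passing 802.1X (Guest VLAN and Authentication-fail VLAN), and implements the Guest VLAN delay formula from the text. The sample configuration is constructed, and the `dot1x auth-fail-vlan <id> max-attempts <n>` line layout is an assumption based on the description above.

```python
import re

# Constructed sample in the style of the page's "show config" output.
# The "dot1x auth-fail-vlan <id> max-attempts <n>" line layout is an assumption.
SAMPLE = """\
!
interface GigabitEthernet 1/2
 switchport
 dot1x guest-vlan 200
 no shutdown
!
interface GigabitEthernet 1/3
 dot1x guest-vlan 200
 dot1x auth-fail-vlan 100 max-attempts 5
!
interface GigabitEthernet 1/4
 dot1x auth-fail-vlan 100
"""
DEFAULT_MAX_ATTEMPTS = 3  # page: "3 by default"
GUEST = re.compile(r"dot1x guest-vlan (\d+)")
FAIL = re.compile(r"dot1x auth-fail-vlan (\d+)(?: max-attempts (\d+))?")

def guest_vlan_delay(reauth_max, tx_period):
    """Seconds a silent host waits before Guest VLAN placement."""
    return (reauth_max + 1) * tx_period

def fallback_vlans(config):
    """Return {interface: {"guest": id, "auth_fail": id, "max_attempts": n}}, None if unset."""
    ports, port = {}, None
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            port = None  # stanza separator
        elif line.startswith("interface "):
            port = ports.setdefault(line[10:], dict(guest=None, auth_fail=None, max_attempts=None))
        elif port is not None and (m := GUEST.fullmatch(line)):
            port["guest"] = int(m.group(1))
        elif port is not None and (m := FAIL.fullmatch(line)):
            port["auth_fail"] = int(m.group(1))
            port["max_attempts"] = int(m.group(2) or DEFAULT_MAX_ATTEMPTS)
    return ports

def reachable_without_auth(config):
    """Return {vlan_id: [interfaces]} for VLANs a port can join without passing 802.1X."""
    reach = {}
    for name, p in fallback_vlans(config).items():
        for vlan in {p["guest"], p["auth_fail"]} - {None}:
            reach.setdefault(vlan, []).append(name)
    return reach

print(reachable_without_auth(SAMPLE))
```

Compare the VLAN IDs it reports with the access policy applied to those VLANs, since hosts land there without successful authentication.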