Command Line Reference Guide
To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.
Parameters
vlan-id Enter the VLAN Identifier. The range is from 1 to 4094.
Defaults Not configured.
Command
Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
History
Version 9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage
Information
1X authentication is enabled when an interface is connected to the switch. If the
host fails to respond within a designated amount of time, the authenticator places
the port in the guest VLAN.
If a device does not respond within 30 seconds, it is assumed that the device is not
802.1X capable. Therefore, a guest VLAN is allocated to the interface and
authentication, for the device, occurs at the next reauthentication interval (dot1x
reauthentication).
If the host fails authentication for the designated number of times, the
authenticator places the port in authentication failed VLAN (dot1x auth-fail-
vlan
).
NOTE: You can create the Layer 3 portion of a guest VLAN and authentication
fail VLANs regardless if the VLAN is assigned to an interface or not. After an
interface is assigned a guest VLAN (which has an IP address), routing through
the guest VLAN is the same as any other traffic. However, the interface may
join/leave a VLAN dynamically.
Related
Commands
• dot1x auth-fail-vlan — Configures an authentication failure VLAN.
• dot1x reauthentication — Enables periodic re-authentication of the client.
• dot1x reauth-max — Configure the maximum number of times to re-
authenticate a port before it becomes unauthorized.
dot1x host-mode
Enable single-host or multi-host authentication.
Syntax
dot1x host-mode {single-host | multi-host | multi-auth}
Parameters
single-host Enable single-host authentication.
multi-host Enable multi-host authentication.
multi-auth Enable multi-supplicant authentication.
802.1X
129