Administrator Guide
Security Commands 999
dot1x timeout guest-vlan-period
Use the dot1x timeout guest-vlan-period command in Interface
Configuration mode to set the number of seconds that the switch waits
before authorizing the client if the client is an 802.1X unaware client. Use the
no form of the command to return the timeout to the default value.
Syntax
dot1x timeout guest-vlan-period
seconds
no dot1x timeout guest-vlan-period
•
seconds —
Time in seconds that the switch waits before authorizing the
client if the client is a
802.1X
unaware client. Range 1-300.
Default Configuration
The switch remains in the quiet state for 90 seconds.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
It is recommended that the user set the dot1x timeout guest-vlan-period to at
least three times the while timer so that at least three EAP Requests are sent,
before assuming that the client is an 802.1X unaware client. An 802.1X
unaware client is one that does not respond to EAP-Request/Identity frames
and does not send EAPOL-Start or EAP-Response/Identity frames.
Example
The following example sets the 802.1X timeout guest vlan period to 100
seconds.
console(config)# dot1x timeout guest-vlan-period 100
dot1x unauth-vlan
Use the dot1x unauth-vlan command in Interface Configuration mode to
specify the unauthenticated VLAN on a port. The unauthenticated VLAN is
the VLAN to which supplicants that fail 802.1x authentication are assigned.
2CSNXXX_SWUM204.book Page 999 Monday, January 25, 2016 1:25 PM