Setup Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

100

The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices and the Authentication-fail VLAN

802.1X extension addresses this limitation with regard to external users.

• If the supplicant fails authentication a specied number of times, the authenticator places the port in the Authentication-fail VLAN.

• If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the

authentication process begins.

Conguring a Guest VLAN

If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period, the system assumes that the host

does not have 802.1X capability and the port is placed in the Guest VLAN.

NOTE: For more information about conguring timeouts, refer to Conguring

Timeouts.

Congure a port to be placed in the Guest VLAN after failing to respond within the timeout period using the dot1x guest-vlan

command from INTERFACE mode. View your conguration using the show config command from INTERFACE mode or using the show

dot1x interface command from EXEC Privilege mode.

Example of Viewing Guest VLAN Conguration

DellEMC(conf-if-gi-2/1)#dot1x guest-vlan 200

DellEMC(conf-if-gi 2/1))#show config

interface GigabitEthernet 2/1

switchport

dot1x guest-vlan 200

no shutdown

DellEMC(conf-if-gi 2/1))#

Conguring an Authentication-Fail VLAN

If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specied amount of time.

NOTE

: For more information about authenticator re-attempts, refer to Conguring a Quiet Period after a Failed

Authentication.

You can congure the maximum number of times the authenticator re-attempts authentication after a failure (3 by default), after which the

port is placed in the Authentication-fail VLAN.

Congure a port to be placed in the VLAN after failing the authentication process as specied number of times using the dot1x auth-

fail-vlan command from INTERFACE mode. Congure the maximum number of authentication attempts by the authenticator using

the keyword

max-attempts with this command.

Example of Conguring Maximum Authentication Attempts

DellEMC(conf-if-gi-2/1)#dot1x guest-vlan 200

DellEMC(conf-if-gi 2/1)#show config

interface GigabitEthernet 2/1

switchport

dot1x authentication

dot1x guest-vlan 200

no shutdown

DellEMC(conf-if-gi-2/1)#

DellEMC(conf-if-gi-2/1)#dot1x auth-fail-vlan 100 max-attempts 5

DellEMC(conf-if-gi-2/1)#show config

interface GigabitEthernet 2/1

switchport

dot1x authentication

100

802.1X