Administrator Guide
Untagged VLAN id: None
Guest VLAN: Enable
Guest VLAN id: 100
Auth-Fail VLAN: Enable
Auth-Fail VLAN id: 200
Auth-Fail Max-Attempts:3
Critical VLAN: Enable
Critical VLAN id: 300
Mac-Auth-Bypass Only: Disable
Static-MAB: Enable
Static-MAB Profile: Sample
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Authenticated
Backend State: Idle
Conguring Critical VLAN
By default, critical-VLAN is not congured. If authentication fails because of a server which is not reachable, user session is authenticated
under critical-VLAN.
To congure a critical-VLAN for users or devices when authenticating server is not reachable, use the following command.
• Enable critical VLAN for users or devices
INTERFACE mode
dot1x critical-vlan [{vlan-id}]
Specify a VLAN interface identier to be congured as a critical VLAN. The VLAN ID range is 1– 4094.
Example of Conguring a Critical VLAN for an Interface
Dell(conf-if-Te-2/1)#dot1x critical-vlan 300
Dell(conf-if-Te 2/1)#show config
!
interface TenGigabitEthernet 2/1
switchport
dot1x critical-vlan 300
no shutdown
Dell#show dot1x interface tengigabitethernet 2/1
802.1x information on Te 2/1:
------------------------------------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: AUTHORIZD(MAC-AUTH-BYPASS)
Critical VLAN Enable
Critical VLAN id: 300
Re-Authentication: Disable
Untagged VLAN id: 400
Guest VLAN: Enable
Guest VLAN id: 100
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Enable
Mac-Auth-Bypass Only: Enable
Tx Period: 3 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
802.1X
95