Users Guide
dot1x auth-fail-vlan
Congure an authentication failure VLAN for users and devices that fail 802.1X authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id [max-
attempts number] command.
Parameters
vlan-id Enter the VLAN Identier. The range is from 1 to 4094.
max-attempts
number
(OPTIONAL) Enter the keywords max-attempts then number of attempts desired
before authentication fails. The range is from 1 to 5. The default is 3.
Defaults 3 attempts
Command Modes CONFIGURATION (conf-if-interface-slot/port)
Command History
This guide is platform-specic. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
Version Description
9.10(0.0) Introduced on the S6100-ON.
9.8(1.0) Introduced on the Z9100-ON.
9.8(0.0P5) Introduced on the S4048-ON.
9.8(0.0P2) Introduced on the S3048-ON.
9.7(0.0) Introduced on the S6000–ON.
9.2(1.0) Introduced on the Z9500.
9.0.2.0 Introduced on the S6000.
8.3.19.0 Introduced on the S4820T.
8.3.7.0 Introduced on the S4810.
7.6.1.0 Introduced on the C-Series, S-Series, and E-Series.
Usage Information
If the host responds to 802.1X with an incorrect login/password, the login fails. The switch attempts to
authenticate again until the maximum attempts congured is reached. If the authentication fails after all allowed
attempts, the interface is moved to the authentication failed VLAN.
After the authentication VLAN is assigned, the port-state must be toggled to restart authentication. Authentication
occurs at the next re-authentication interval (dot1x reauthentication).
Related Commands
• dot1x port-control — enables port-control on an interface.
• dot1x guest-vlan — congures a guest VLAN for non-dot1x devices.
• show dot1x interface — displays the 802.1X information on an interface.
Security 1425