Specifications
dot1x force-authorized vlan
371
dot1x force-authorized vlan
When the RADIUS authentication method is used, if the RADIUS server does not respond
or a request to a RADIUS server fails due to route failure, this command forcibly changes
the status of a terminal, that requests authentication on the applicable port, to
authentication authorized and assigns a post-authentication VLAN.
Syntax
To set or change information:
dot1x force-authorized vlan <VLAN ID>
To delete information:
no dot1x force-authorized
Input mode
(config-if)
Parameters
<VLAN ID>
Sets the post-authentication VLAN ID to be assigned when forced authentication is
authorized.
1. Default value when this parameter is omitted:
This parameter cannot be omitted.
2. Range of values:
See Specifiable values for parameters. Note that the default VLAN (
VLAN ID =
1
) cannot be set.
Default behavior
None
Impact on communication
None
When the change is applied
The change is applied immediately after setting values are changed.
Notes
1. All IEEE 802.1X settings take effect when the dot1x system-auth-control
command is set.
2. See Table 22-1 Configuration commands and IEEE 802.1X authentication modes for
the authentication mode in which the command's settings are operable.
3. Set a VLAN ID for which
mac-based (MAC VLAN) has been set in the vlan
command.
4. Be especially careful when using this functionality, as it can pose a security problem.
5. This command takes effect when the following condition is met:
All the following configurations have been set:
- dot1x system-auth-control
-
radius-server host or dot1x radius-server host