CLI Guide
dot1x authentication (Interface)
Enable dot1x on an interface. Enable dot1x both globally and at the interface level.
Syntax
dot1x authentication
To disable dot1x on an interface, use the no dot1x authentication command.
Defaults Disabled
Command Modes INTERFACE
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Related Commands dot1x authentication (Conguration) — Enable dot1x globally.
dot1x auth-fail-vlan
Congure an authentication failure VLAN for users and devices that fail 802.1X authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id [max-
attempts number] command.
Parameters
vlan-id Enter the VLAN Identier. The range is from 1 to 4094.
max-attempts
number
(OPTIONAL) Enter the keywords max-attempts followed number of attempts desired
before authentication fails. The range is from 1 to 5. The default is 3.
Defaults 3 attempts
Command Modes CONFIGURATION (conf-if-interface-slot/port)
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information
If the host responds to 802.1X with an incorrect login/password, the login fails. The switch attempts to
authenticate again until the maximum attempts congured is reached. If the authentication fails after all allowed
attempts, the interface moves to the authentication failed VLAN.
After the authentication VLAN is assigned, the port-state must be toggled to restart authentication. Authentication
occurs at the next reauthentication interval (dot1x reauthentication).
802.1X 135