CLI Guide
• Enable 802.1X authentication globally on the switch and on the port (the dot1x
authentication command).
• Enable MAC authentication bypass on the port (the dot1x mac-auth-bypass
command).
In MAB-only authentication mode, a port authenticates using the host MAC
address even though 802.1xauthentication is enabled. If the MAB-only
authentication fails, the host is placed in the guest VLAN (if configured).
To disable MAB-only authentication on a port, enter the no dot1x auth-type
mab-only
command.
Related
Commands
dot1x mac-auth-bypass — Enables MAC authentication bypass.
dot1x guest-vlan
Configure a guest VLAN for limited access users or for devices that are not 802.1X capable.
Syntax
dot1x guest-vlan vlan-id
To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.
Parameters
vlan-id Enter the VLAN Identifier. The range is from 1 to 4094.
Defaults Not configured.
Command Modes CONFIGURATION (conf-if-interface-slot/port)
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information
1X authentication is enabled when an interface is connected to the switch. If the
host fails to respond within a designated amount of time, the authenticator places
the port in the guest VLAN.
If a device does not respond within 30 seconds, it is assumed that the device is not
802.1X capable. Therefore, a guest VLAN is allocated to the interface and
authentication, for the device, occurs at the next reauthentication interval (dot1x
reauthentication
).
If the host fails authentication for the designated number of times, the
authenticator places the port in authentication failed VLAN (dot1x auth-fail-
vlan
).
802.1X
153