Reference Guide
Security | 1305
dot1x auth-fail-vlan
c e s
Configure a authentication failure VLAN for users and devices that fail 802.1X authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id
[max-attempts number] command.
Parameters
Defaults
3 attempts
Command Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
History
Usage
Information
If the host responds to 802.1X with an incorrect login/password, the login fails. The switch will
attempt to authenticate again until the maximum attempts configured is reached. If the authentication
fails after all allowed attempts, the interface is moved to the authentication failed VLAN.
Once the authentication VLAN is assigned, the port-state must be toggled to restart authentication.
Authentication will occur at the next re-authentication interval (dot1x reauthentication).
Related
Commands
dot1x auth-server
c e s
Configure the authentication server to RADIUS.
Syntax
dot1x auth-server radius
Defaults
No default behavior or values
Command Modes
CONFIGURATION
Command
History
vlan-id
Enter the VLAN Identifier.
Range: 1 to 4094
max-attempts number (OPTIONAL) Enter the keyword max-attempts followed number of
attempts desired before authentication fails.
Range: 1 to 5
Default: 3
Version 7.6.1.0 Introduced on C-Series, E-Series and S-Series
dot1x port-control Enable port-control on an interface
dot1x guest-vlan Configure a guest VLAN for non-dot1x devices
show dot1x interface Display the 802.1X information on an interface
Version 7.6.1.0 Introduced on C-Series and S-Series
Version 7.4.1.0 Introduced on E-Series