Manualshelf

Reference Guide

ManualsBrandsDell ManualsNetworkingForce10 S25-01-GE-24P
1301130213031304130513061307130813091310
1306 | Security
www.dell.com | support.dell.com
dot1x guest-vlan
c e s
Configure a guest VLAN for limited access users or for devices that are not 802.1X capable.
Syntax
dot1x guest-vlan vlan-id
To disable the guest VLAN, use the no dot1x guest-vlan vlan-id command.
Parameters
Defaults
Not configured
Command Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
History
Usage
Information
802.1X authentication is enabled when an interface is connected to the switch. If the host fails to
respond within a designated amount of time, the authenticator places the port in the guest VLAN.
If a device does not respond within 30 seconds, it is assumed that the device is not 802.1X capable.
Therefore, a guest VLAN is allocated to the interface and authentication, for the device, will occur at
the next re-authentication interval (dot1x reauthentication).
If the host fails authentication for the designated amount of times, the authenticator places the port in
authentication failed VLAN (dot1x auth-fail-vlan).
Related
Commands
dot1x max-eap-req
c e s
Configure the maximum number of times an EAP (Extensive Authentication Protocol) request is
transmitted before the session times out.
Syntax
dot1x max-eap-req number
To return to the default, use the no dot1x max-eap-req command.
Parameters
Defaults
2
vlan-id
Enter the VLAN Identifier.
Range: 1 to 4094
Version 7.6.1.0 Introduced on C-Series, E-Series, and S-Series
Note: Layer 3 portion of guest VLAN and authentication fail VLANs can be created
regardless if the VLAN is assigned to an interface or not. Once an interface is assigned a guest
VLAN (which has an IP address), then routing through the guest VLAN is the same as any
other traffic. However, interface may join/leave a VLAN dynamically.
dot1x auth-fail-vlan
Configure a VLAN for authentication failures
dot1x reauthentication Enable periodic re-authentication
show dot1x interface Display the 802.1X information on an interface
number
Enter the number of times an EAP request is transmitted before a session time-out.
Range: 1 to 10
Default: 2