Command Reference Guide
802.1X | 167
Command Modes
EXEC Privilege
Command
History
dot1x auth-fail-vlan
c e s
Configure an authentication failure VLAN for users and devices that fail 802.1X
authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id
[max-attempts number] command.
Parameters
Defaults
3 attempts
Command Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
History
Usage
Information
If the host responds to 802.1X with an incorrect login/password, the login fails. The switch
will attempt to authenticate again until the maximum attempts configured is reached. If the
authentication fails after all allowed attempts, the interface is moved to the authentication
failed VLAN.
Once the authentication VLAN is assigned, the port-state must be toggled to restart
authentication. Authentication will occur at the next re-authentication interval (dot1x
reauthentication).
Related
Commands
Version 8.3.12.0 Introduced on the S4810.
Version 8.4.1.0 Introduced on C-Series and S-Series
vlan-id
Enter the VLAN Identifier.
Range: 1 to 4094
max-attempts number
(OPTIONAL) Enter the keyword max-attempts followed number of
attempts desired before authentication fails.
Range: 1 to 5
Default: 3
Version 8.3.12.0 Introduced on the S4810.
Version 7.6.1.0 Introduced on C-Series, E-Series and S-Series
dot1x port-control Enable port control on an interface.
dot1x guest-vlan Configure a guest VLAN for limited access users or for devices that are
not 802.1X capable.
show dot1x interface Display the 802.1X configuration of an interface.