Command Line Reference Guide

Commands

dot1x authentication (Configuration) – enables dot1x globally.

dot1x auth-fail-vlan

Configure an authentication failure VLAN for users and devices that fail 802.1X authentication.

S5000

Syntax

dot1x auth-fail-vlan vlan-id [max-attempts number]

To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-

[max-attempts number] command.

Parameters

vlan-id

Enter the VLAN Identifier. The range is 1 to 4094.

max-attempts

number

(OPTIONAL) Enter the keywords max-attempts followed number

of attempts desired before authentication fails. The range is 1 to 5.

The default is 3.

Defaults 3 attempts

Command Modes CONFIGURATION (conf-if-interface-slot/port)

Command History

Version 9.0(1.3) Introduced on the S5000.

Usage

Information

If the host responds to 802.1X with an incorrect login/password, the login fails. The switch

attempts to authenticate again until the maximum attempts configured is reached. If the

authentication fails after all allowed attempts, the interface is moved to the authentication

failed VLAN.

After the authentication VLAN is assigned, the port-state must be toggled to restart

authentication. Authentication occurs at the next re-authentication interval (dot1x

reauthentication).

Commands

dot1x port-control – enables port-control on an interface.

dot1x guest-vlan – configures a guest VLAN for non-dot1x devices.

show dot1x interface – displays the 802.1X information on an interface.

1149