Reference Guide
258 Network Security
–
Guest VLAN
— Enable/disable the use of a Guest VLAN for
unauthorized ports. If a Guest VLAN is enabled, all unauthorized
ports automatically join the VLAN selected in the Guest VLAN ID
field. If a port is later authorized, it is removed from the Guest VLAN.
–
VLAN List
— Select the Guest VLAN from the VLAN list.
–
Accept Supplicant when Dynamic Policy/ACL Assignment Has No
Resources
— If no resources remain in the TCAM, the system can
either reject (disable) or allow (enable) successful authentication.
Enabling Port-Based Authentication Globally Using the CLI Commands
The following table summarizes the CLI commands for enabling the port
based authentication as displayed in the Port Based Authentication Global
page.
Table 9-12. Port-Based Authentication Global CLI Commands
CLI Command Description
aaa authentication dot1x
default {radius | none |
{radius | none}}
no aaa authentication dot1x
default
Specifies one or more AAA methods for
use on interfaces running IEEE 802.1X.
Use the no form of this command to
restore the default configuration.
dot1x system-auth-control
no dot1x system-auth-control
Enables 802.1x globally.
Use the no form of this command to
restore the default configuration.
dot1x guest-vlan
no dot1x guest-vlan
Contains a list of VLANs. The guest
VLAN is selected from the VLAN List.
Use the no form of this command to
disable access.
show dot1x [interface
interface-id | detailed]
Displays 802.1X status for the device.