Reference Guide
NOTE: The layer 3 portion of guest VLAN and authentication fail VLANs can be created
regardless if the VLAN is assigned to an interface or not. After an interface is assigned a
guest VLAN (which has an IP address), routing through the guest VLAN is the same as any
other traffic. However, the interface may join/leave a VLAN dynamically.
Related
Commands
dot1x auth-fail-vlan – configures a VLAN for authentication failures.
dot1x reauthentication – enables periodic re-authentication.
show dot1x interface – displays the 802.1X information on an interface.
dot1x mac-auth-bypass
Enable MAC authentication bypass. If 802.1X times out because the host did not respond to the Identity Request frame,
FTOS attempts to authenticate the host based on its MAC address.
C-Series, S-Series, Z-Series, S4810
Syntax
[no] dot1x mac-auth-bypass
Defaults Disabled
Command Modes INTERFACE
Command History
Version 8.3.11.4 Introduced on the Z9000.
Version 8.4.1.0 Introduced on the C-Series and S-Series.
Usage
Information
To disable MAC authentication bypass on a port, enter the no dot1x mac-auth-bypass
command.
dot1x max-eap-req
Configure the maximum number of times an extensive authentication protocol (EAP) request is transmitted before the
session times out.
C-Series, E-Series, S-Series, Z-Series, S4810
Syntax
dot1x max-eap-req number
To return to the default, use the no dot1x max-eap-req command.
Parameters
number
Enter the number of times an EAP request is transmitted before a
session time-out. The range is 1 to 10. The default is 2.
Defaults 2
Command Modes INTERFACE
Command History
Version 8.3.11.1 Introduced on the Z9000.
Version 8.3.7.0 Introduced on the S4810.
Version 7.6.1.0 Introduced on the C-Series and S-Series.
1457