Reference Guide
Security | 837
If the host fails authentication for the designated amount of times, the authenticator places the port in
authentication failed VLAN (dot1x auth-fail-vlan).
Related
Commands
dot1x mac-auth-bypass
s z
Enable MAC authentication bypass. If 802.1X times out because the host did not respond to the
Identity Request frame, FTOS attempts to authenticate the host based on its MAC address.
Syntax
[no] dot1x mac-auth-bypass
Defaults
Disabled
Command Modes
INTERFACE
Command History
Usage Information
To disable MAC authentication bypass on a port, enter the no dot1x mac-auth-bypass command.
dot1x max-eap-req
s z
Configure the maximum number of times an EAP (Extensive Authentication Protocol) request is
transmitted before the session times out.
Syntax
dot1x max-eap-req number
To return to the default, use the no dot1x max-eap-req command.
Parameters
Defaults
2
Command Modes
INTERFACE
Note: Layer 3 portion of guest VLAN and authentication fail VLANs can be created
regardless if the VLAN is assigned to an interface or not. Once an interface is assigned a guest
VLAN (which has an IP address), then routing through the guest VLAN is the same as any
other traffic. However, interface may join/leave a VLAN dynamically.
dot1x auth-fail-vlan
Configure a VLAN for authentication failures
dot1x reauthentication Enable periodic re-authentication
show dot1x interface Display the 802.1X information on an interface
S6000
Version 9.0.2.0 Introduced on the S6000.
Version 8.3.11.1 Introduced on Z9000
Version
8.3.7.0
Introduced on the S-Series.
S6000
number
Enter the number of times an EAP request is transmitted before a session time-out.
Range: 1 to 10
Default: 2