Reference Guide
802.1X | 97
Defaults
Disabled
Command Modes
EXEC Privilege
Command
History
dot1x auth-fail-vlan
s
Configure an authentication failure VLAN for users and devices that fail 802.1X
authentication.
Syntax
dot1x auth-fail-vlan vlan-id [max-attempts number]
To delete the authentication failure VLAN, use the no dot1x auth-fail-vlan vlan-id
[max-attempts number] command.
Parameters
Defaults
3 attempts
Command Modes
CONFIGURATION (conf-if-interface-slot/port)
Command
History
Usage
Information
If the host responds to 802.1X with an incorrect login/password, the login fails. The
switch will attempt to authenticate again until the maximum attempts configured is
reached. If the authentication fails after all allowed attempts, the interface is moved
to the authentication failed VLAN.
Once the authentication VLAN is assigned, the port-state must be toggled to restart
authentication. Authentication will occur at the next re-authentication interval (dot1x
reauthentication).
Related
Commands
Version 9.0.2.0 Introduced on S6000
Version 8.3.12.0 Introduced on the S4810.
Version 8.4.1.0 Introduced on S-Series
S6000
vlan-id Enter the VLAN Identifier.
Range: 1 to 4094
max-attempts number (OPTIONAL) Enter the keyword max-attempts followed number
of attempts desired before authentication fails.
Range: 1 to 5
Default: 3
Version 9.0.2.0 Introduced on S6000
Version 8.3.12.0 Introduced on the S4810.
Version 8.4.1.0 Introduced on S-Series
dot1x port-control Enable port control on an interface.