dot1x feature

Unanswered Question
Mar 18th, 2009

Dear expert,

I am testing the dot1x feature and get the result below. I feel point 4 does not quite make sense.

Can I make it so that dot1x clients, even if they haven't entered their username and password, will not be assigned to the guest vlan (vlan 99)?

interface FastEthernet0/24
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x violation-mode protect
 dot1x guest-vlan 99
 dot1x auth-fail vlan 999
 spanning-tree portfast

1) wait 30 sec for username prompt

2) After three failed password verifications, port 24 will change to vlan 999

3) For a dot1x non-compatible client, wait 1 min 30 sec, port will change to vlan 99

4) For a dot1x client, if it connects to port 24 but does not log in, wait 1 min 30 sec, port will change to vlan 99

b.julin Wed, 03/18/2009 - 06:50

You mean you want machines treated differently just because they are running a dot1x client? That does not seem like very useful behavior. Anything can start a dot1x client.

Perhaps you want to look at machine level authentication so that the machine authenticates itself automatically, and then when a user logs in it reauthenticates as a user. Then you can send a different vlan depending on whether the machine is being used or not.

Or mac auth bypass.
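
The four results listed in the question, modelled as an added Python example (not code from the thread or from the switch vendor). The timer constants, the function names and the assumption that an idle dot1x client sends no EAPOL frames are inferred from the timings the poster reports; the last call shows that removing the guest VLAN keeps idle clients out of vlan 99 but does the same to non-dot1x devices.

```python
import re

# Constructed from the interface configuration quoted in the question.
CONFIG = """\
interface FastEthernet0/24
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x guest-vlan 99
 dot1x auth-fail vlan 999
"""

# Assumed values, chosen to match the 30 s prompt, 90 s fallback and
# three-failure behaviour reported in the post (not read from a switch).
TX_PERIOD = 30         # seconds between identity requests
IDENTITY_REQUESTS = 3  # unanswered requests before the port gives up
MAX_AUTH_FAILS = 3     # rejected logins before the auth-fail VLAN applies


def fallback_vlans(config):
    """Return (guest_vlan, auth_fail_vlan) from the port config, None if absent."""
    def vlan(pattern):
        m = re.search(pattern, config, re.MULTILINE)
        return int(m.group(1)) if m else None
    return (vlan(r"^\s*dot1x guest-vlan (\d+)\s*$"),
            vlan(r"^\s*dot1x auth-fail vlan (\d+)\s*$"))


def port_outcome(config, answers_eapol, failed_logins=0):
    """Model where the port ends up: (state, vlan, seconds_waited).

    answers_eapol is False both for a device with no dot1x client and, by
    assumption, for a client whose user has not logged in: either way the
    switch sees only silence and cannot tell the two apart.
    """
    guest, auth_fail = fallback_vlans(config)
    if not answers_eapol:
        waited = TX_PERIOD * IDENTITY_REQUESTS
        if guest is not None:
            return ("guest", guest, waited)
        return ("unauthorized", None, waited)
    if failed_logins >= MAX_AUTH_FAILS:
        if auth_fail is not None:
            return ("auth-fail", auth_fail, None)
        return ("unauthorized", None, None)
    return ("retrying" if failed_logins else "authorized", None, None)


if __name__ == "__main__":
    print(port_outcome(CONFIG, answers_eapol=False))                  # results 3 and 4
    print(port_outcome(CONFIG, answers_eapol=True, failed_logins=3))  # result 2
    print(port_outcome(CONFIG.replace(" dot1x guest-vlan 99\n", ""), False))
```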

