GUEST VLAN

MAXXY1964 · ‎12-04-2009

Greating and thanks a lot for all help,

Can somone check my configuration.

I got a C3570 Core switch ( Router and my 10 secondary switches connected to the core switch) and 10 C2960 sec switches ( voor devices).

We want to redirect the Guest user to internet only no matter waar he plug his/haar laptop.

On wish switch do i have to apply the folowing configuration?

AND do i have to apply it on alle ports on the switches?

================================

8021x#show run
Building configuration...

Current configuration : 3581 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 8021x
!
enable secret 5 $1$HtAW$h3kVdFZu6LfGfxbCkOIfz.
enable password $@$#
!
username admin secret 5 $1$/1S5$/AbRJCDkamlGTfakXpMZ..
aaa new-model
aaa authentication dot1x default group radius
!
aaa session-id common
system mtu routing 1500
ip subnet-zero
!
ip dhcp pool net-1
network 192.168.220.0 255.255.255.0
default-router xxx.xxx.xxx.xxx ( ISA Server IP Address)
dns-server 192.168.210.23
lease 0 4
!
dot1x system-auth-control
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 10
dot1x timeout tx-period 5
dot1x max-req 3
dot1x guest-vlan 99
!
interface FastEthernet0/2
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 99
dot1x auth-fail vlan 1

!
interface FastEthernet0/3
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 10
dot1x timeout tx-period 5
dot1x max-req 3
!
interface FastEthernet0/4
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout tx-period 15
dot1x auth-fail vlan 1

!
interface FastEthernet0/5
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout tx-period 15
dot1x auth-fail vlan 1

!
interface FastEthernet0/6
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 3
dot1x timeout tx-period 15
dot1x auth-fail vlan 1
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x guest-vlan 99
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.210.65 255.255.255.0
ip helper-address 192.168.210.23
no ip route-cache
!
interface Vlan99
ip address 192.168.220.1 255.255.255.0
ip helper-address 192.168.210.23

no ip route-cache
!
ip http server
radius-server host 192.168.210.23 auth-port 1812 acct-port 1813 key DADADA
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 0 4
password !@#
line vty 5 15
password @#@!
end

Ganesh Hariharan · ‎12-07-2009

Hi Max,

Hope the below link will resolve your query,

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/Sw8021x.html#wp1065246

Regards

Ganesh.H

palthainon · ‎12-07-2009

https://supportforums.cisco.com/docs/DOC-4889;jsessionid=D6B144360F017FF3FA2B35A7A5AD1533.node0