What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?
What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?
What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...
Thanks in advance.
The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures
not after the first authentication failure. This is a configurable value.
The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).