auth-fail VLAN vs Guest VLAN

Answered Question
Mar 8th, 2010

Hi All,

What criteria are used to determine whether to use the auth-fail VLAN or the guest VLAN?

What if a non-802.1x client connects to the port, say a vendor... 802.1x doesn't occur, so does it then transition to the guest VLAN?

What if a vendor brings in an 802.1x-capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway. Could I give them a temporary username / PW maybe to authenticate with? hmmm...

Thanks in advance.

Correct Answer by jedubois about 6 years 9 months ago

Hello,

The Auth-Fail VLAN is invoked if an Access-Reject is received from the RADIUS server for the user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures, not after the first authentication failure. This is a configurable value.

The Guest VLAN is invoked if no EAPoL traffic is received from the connecting client.

You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse
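
The two triggers described in the answer above, as an added configuration example that is not part of the original post. It assumes a Cisco IOS access switch that supports the `authentication event` interface commands; the interface name, VLAN IDs and retry count are constructed placeholders.

```cisco
! Added example; interface, VLAN IDs and retry count are placeholders.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 !
 ! Auth-Fail VLAN: applies when the RADIUS server answers with
 ! Access-Reject. The retry value is the configurable failure
 ! count the answer refers to.
 authentication event fail retry 2 action authorize vlan 40
 !
 ! Guest VLAN: applies when the client sends no EAPoL traffic
 ! (no supplicant, or supplicant disabled).
 authentication event no-response action authorize vlan 30
```

Using the same VLAN ID in both `action authorize vlan` lines gives the single-VLAN arrangement the answer mentions. `show authentication sessions interface GigabitEthernet0/1` reports which state a port ended up in.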

jedubois Mon, 03/08/2010 - 16:26
