03-08-2010 01:14 PM - edited 03-10-2019 04:59 PM
Hi All,
What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?
What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?
What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...
Thanks in advance.
Solved! Go to Solution.
03-08-2010 04:26 PM
Hello,
The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures
not after the first authentication failure. This is a configurable value.
The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).
--Jesse
03-08-2010 04:26 PM
Hello,
The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures
not after the first authentication failure. This is a configurable value.
The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).
--Jesse
03-09-2010 09:49 AM
Thanks for the info.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide