auth-fail VLAN vs Guest VLAN

rtjensen4
Level 4

Hi All,

What criteria are used to determine whether to use the auth-fail VLAN or the guest VLAN?

What if a non-802.1x client connects to the port, say a vendor... 802.1x doesn't occur, so does it then transition to the guest VLAN?

What if a vendor brings in an 802.1x-capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway. Could I give them a temporary username / PW maybe to authenticate with? Hmmm...

Thanks in advance.

Accepted Solutions

jedubois
Cisco Employee

Hello,

The Auth-Fail VLAN is invoked if an Access-Reject is received from the RADIUS server for the user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures, not after the first authentication failure. This is a configurable value.

The Guest VLAN is invoked if no EAPoL traffic is received from the connecting client.

You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse
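The two triggers described in the answer above map onto separate per-port commands. The following is an added example, not part of the original post or written by its author; it assumes a Cisco IOS switch using the `authentication event` syntax, and the interface name and VLAN IDs are constructed for illustration.

```ios
! Constructed example: interface and VLAN numbers are placeholders.
! VLAN 10 = normal access VLAN, VLAN 20 = guest, VLAN 30 = auth-fail.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 !
 ! Auth-fail VLAN: used when the RADIUS server returns Access-Reject.
 ! "retry 2" is the configurable failure count: the port is only
 ! placed in VLAN 30 after the allowed retries have also failed.
 authentication event fail retry 2 action authorize vlan 30
 !
 ! Guest VLAN: used when the client sends no EAPoL at all
 ! (no supplicant, or supplicant disabled).
 authentication event no-response action authorize vlan 20
 !
 ! These timers control how long the switch keeps sending EAP
 ! Request/Identity frames before it treats the client as
 ! non-responsive and applies the no-response action.
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
!
! To land both cases in the same segment, as the answer suggests,
! point both "action authorize vlan" lines at the same VLAN ID.
! Whichever VLAN is used should be restricted by ACL or firewall,
! since a port placed in it has not passed authentication.
```

`show authentication sessions interface GigabitEthernet1/0/10` shows which VLAN and method the port ended up with, which is the quickest way to confirm whether a given client hit the fail path or the no-response path.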

Thanks for the info.