×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Dot1x port authentication configuration

Unanswered Question
Apr 21st, 2012
User Badges:

Hello Friends,


I am working on dot1x configuration deployment project and wanted to clear one confusion, I am having simple setup in which after authentication, workstation should go to vlan decided by ACS and after failed authenticatio, workstation should go to Guest or auth-fail any one is fine since I will keep both same.


So I can understand that basic config should be as follows considering old IOS.


int fas0/1

dot1x port-control auto

switchport mode access

switchport guest-vlan 10

switchport auth-fail valn 10




Now I had see many configuration examples and found that many have defined vlan's in switchport mode access [5]

Why is this command needed since vlan will be assigned from ACS, Could somone tell me why few configuration have defind ports in some vlans already ?

Also what can be best practice in case ACS server goes down, since in that scenario all workstation will fail into auth-fail or Guest vlan's.

Is there any Best practices for such scenario's ?????

Thanks

Ajay

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion