Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

auth-fail VLAN vs Guest VLAN

Hi All,

What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?

What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?

What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: auth-fail VLAN vs Guest VLAN

Hello,

     The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the

     user or machine authentication.  The Auth-Fail VLAN will be invoked after a number of failures

     not after the first authentication failure.  This is a configurable value.

     The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.

     You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want

     users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse

2 REPLIES
Cisco Employee

Re: auth-fail VLAN vs Guest VLAN

Hello,

     The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the

     user or machine authentication.  The Auth-Fail VLAN will be invoked after a number of failures

     not after the first authentication failure.  This is a configurable value.

     The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.

     You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want

     users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse

Bronze

Re: auth-fail VLAN vs Guest VLAN

Thanks for the info.

510
Views
0
Helpful
2
Replies