Cisco Support Community

Dot1x port authentication configuration

Hello Friends,

I am working on a dot1x configuration deployment project and wanted to clear up one confusion. I have a simple setup in which, after authentication, the workstation should go to the VLAN decided by ACS, and after failed authentication, the workstation should go to the guest or auth-fail VLAN; either one is fine since I will keep both the same.

So I understand that the basic config should be as follows, considering old IOS.

int fas0/1

dot1x port-control auto

switchport mode access

switchport guest-vlan 10

switchport auth-fail vlan 10

Now I have seen many configuration examples and found that many have defined VLANs in switchport mode access [5]

Why is this command needed, since the VLAN will be assigned from ACS? Could someone tell me why a few configurations have defined ports in some VLANs already?

Also, what would be the best practice in case the ACS server goes down, since in that scenario all workstations will fall into the auth-fail or guest VLANs?

Are there any best practices for such scenarios?


