cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
300
Views
0
Helpful
1
Replies

dot1x feature

acbenny
Level 1
Level 1

Dear expert,

I am testing the the dot1x feature and get the below result. I feel point 4 is not quite make sense.

Can I make that for dot1x client, Even they haven't enter their username and password, they also will

not be assigned to guest vlan ( vlan 99)

interface FastEthernet0/24

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x violation-mode protect

dot1x guest-vlan 99

dot1x auth-fail vlan 999

spanning-tree portfast

1) wait 30 sec for username prompt

2) For three times password verify fail, port 24 will cange to vlan 999

3) For dot1x non compatible client, wait 1 min 30 sec, port will change to vlan 99

4) For dot1x client, If connect to port 24 but not login, wait 1 min 30 sec, port will change to vlan 99

1 Reply 1

b.julin
Level 3
Level 3

You mean you want machines treated differently just because they are running a dot1x client? That does not seem very useful behavior. Anything can start a dot1x client.

Perhaps you want to look at machine level authentication so that the machine authenticates itself automatically, and then when a user logs in it reauthenticates as a user. Then you can send a different vlan depending on whether the machine is being used or not.

Or mac auth bypass.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: