Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

dot1x feature

Dear expert,

I am testing the the dot1x feature and get the below result. I feel point 4 is not quite make sense.

Can I make that for dot1x client, Even they haven't enter their username and password, they also will

not be assigned to guest vlan ( vlan 99)

interface FastEthernet0/24

switchport mode access

dot1x pae authenticator

dot1x port-control auto

dot1x violation-mode protect

dot1x guest-vlan 99

dot1x auth-fail vlan 999

spanning-tree portfast

1) wait 30 sec for username prompt

2) For three times password verify fail, port 24 will cange to vlan 999

3) For dot1x non compatible client, wait 1 min 30 sec, port will change to vlan 99

4) For dot1x client, If connect to port 24 but not login, wait 1 min 30 sec, port will change to vlan 99

New Member

Re: dot1x feature

You mean you want machines treated differently just because they are running a dot1x client? That does not seem very useful behavior. Anything can start a dot1x client.

Perhaps you want to look at machine level authentication so that the machine authenticates itself automatically, and then when a user logs in it reauthenticates as a user. Then you can send a different vlan depending on whether the machine is being used or not.

Or mac auth bypass.

CreatePlease to create content