Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
0
Helpful
2
Replies

auth-fail VLAN vs Guest VLAN

Go to solution
rtjensen4
Level 4
Level 4

‎03-08-2010 01:14 PM - edited ‎03-10-2019 04:59 PM

Hi All,

What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?

What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?

What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jedubois
Cisco Employee
Cisco Employee

‎03-08-2010 04:26 PM

Hello,

     The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the

     user or machine authentication.  The Auth-Fail VLAN will be invoked after a number of failures

     not after the first authentication failure.  This is a configurable value.

     The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.

     You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want

     users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jedubois
Cisco Employee
Cisco Employee

‎03-08-2010 04:26 PM

Hello,

     The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the

     user or machine authentication.  The Auth-Fail VLAN will be invoked after a number of failures

     not after the first authentication failure.  This is a configurable value.

     The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.

     You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want

     users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).

--Jesse

0 Helpful

Go to solution
rtjensen4
Level 4
Level 4
In response to jedubois

‎03-09-2010 09:49 AM

Thanks for the info.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents