Solved: Re: guest-vlan; catalyst 2960

alaeddine.elfawal · ‎04-18-2011

Hello,

I would like to configure a guest-vlan and restricted-vlan on a 2960 switch, but I can not.

The IOS version (obtained trough: show version) is:

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 52    WS-C2960S-48FPS-L 12.2(53)SE2           C2960S-UNIVERSALK9-M

I am trying to configure the interface using the following commands:

RAK-ASW01#configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
RAK-ASW01(config)#interface gigabitEthernet 1/0/11
RAK-ASW01(config-if)#switchport mode access
RAK-ASW01(config-if)#dot1x port-control auto
RAK-ASW01(config-if)#dot1x guest-vlan 17
RAK-ASW01(config-if)#end

the result is the following, as if the guest-vlan is not supported:

RAK-ASW01#show dot1x interface gigabitEthernet 1/0/11
Dot1x Info for GigabitEthernet1/0/11
-----------------------------------
PAE                       = AUTHENTICATOR
PortControl               = AUTO
ControlDirection          = Both
HostMode                  = SINGLE_HOST
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 2
TxPeriod                  = 30

RAK-ASW01#

similar result is obtained while trying to configure a auth-fail vlan.

the full configuration file is attached.

many thanks in advance,

Alaeddine

Tiago Antunes · ‎04-19-2011

Hi,

You will not see it there. It is expected if you use that command.

The way to see it is using "show run interface x/x" and see if the config commands are there, or if there is already a device on the port if you use the command "show authentication session interface x/x" and you will see if the guest vlan is being used or not.

HTH,
Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

View solution in original post

Tiago Antunes · ‎04-18-2011

Hi,

Can you please clarify exactly what you are not able to achieve here?

What you mean "as the Guest-VLAN is not supported"?

What were you expecting to see?

BR,
Tiago

alaeddine.elfawal · ‎04-19-2011

Hi,

I am trying to see the guest-vlan configuration, but I was not able to see it. Therefore, my first thought was that the guest-vlan is not supported by this IOS release.

Another point is that, although I am not able to see the configuration of the guest-vlan and the auth-fail vlan, they do exist and they are operational: when I try to connect a device to the switch and it fails to authenticate, the switch connects the device to the restricted vlan.

So my question is: why I can not see the guest-vlan and the auth-fail vlan configuration?

Thanks in advance,

Alaeddine

Tiago Antunes · ‎04-19-2011

Hi,

You will not see it there. It is expected if you use that command.

The way to see it is using "show run interface x/x" and see if the config commands are there, or if there is already a device on the port if you use the command "show authentication session interface x/x" and you will see if the guest vlan is being used or not.

HTH,
Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

alaeddine.elfawal · ‎04-19-2011

Hi,

Many thanks!

Alaeddine