03-08-2010 01:14 PM - edited 03-10-2019 04:59 PM
Hi All,
What criteria is used to determine whether to use the auth-fail VLAN or the guest VLAN?
What if a non-802.1x client connects to the port, say a Vendor.... 802.1x doesn't occur, so does it then transition to guest vlan?
What if a vendor brings in an 802.1x capable PC and connects it... the auth fails, but I'd want the vendor to go into the guest VLAN anyway, Could I give them a temporary username / PW maybe to authenticate with? hmmm...
Thanks in advance.
Solved! Go to Solution.
03-08-2010 04:26 PM
Hello,
The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures
not after the first authentication failure. This is a configurable value.
The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).
--Jesse
03-08-2010 04:26 PM
Hello,
The Auth-Fail VLAN is invoked if an Access-Reject is received from the Radius server for the
user or machine authentication. The Auth-Fail VLAN will be invoked after a number of failures
not after the first authentication failure. This is a configurable value.
The Guest VLAN is invoked if not EAPoL traffic is received from the connecting client.
You can set the Auth-Fail VLAN and the Guest VLAN to the same VLAN ID if you want
users who come in with the supplicant disabled or someone with invalid credentials (or no credentials).
--Jesse
03-09-2010 09:49 AM
Thanks for the info.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: