Showing results for 
Search instead for 
Did you mean: 

Cisco Catalyst 9200L - 802.1x - Unauthenticated VLAN?



I am looking to implement 802.1x for our wired ports. I have a working solution. The device connects and successfully authenticates. The VLAN is not set by the radius server but is provided by the switch port configuration (Switch access VLAN xx).

Works well so far but our PXE solution doesn't support 802.1x. I was thinking some kind of unauthenticated VLAN that clients enter when 802.1x authentication fails. This VLAN will be very restricted and only have access to the PXE server (via an ACL).


I have researched this but I am getting mixed message and many articles online are quite old.


I was wondering if anyone can advise please?


Thank You.

MHM Cisco World

authentication event fail action authorize vlan vlan-id



you need above command if the 802.1x failed then automatically PXE will get VLAN you enter in command.

Thank you. I will give that a try!


Do you know any show commands to view if a port passes or fails authentication please? It will be useful in troubleshooting. I haven’t actually implemented 802.1x on wired ports before. 

Thanks Again!


Hello MHM,


I added authentication event fail action authorize vlan 506 - It didn't seem to work. I connect a device (standalone laptop) and it doesn't get an IP address from VLAN 506. Connected a domain laptop to this port authenticates and works well.


I wonder if you can provide any tips please?




The port config is:



description Client

switchport access vlan 508

switchport mode access

authentication event fail action authorize vlan 506

authentication port-control auto

dot1x pae authenticator

spanning-tree portfast




Can you try adding  this line to your interface



authentication event no-response action authorize vlan 506




Make sure you have created the VLAN 506 & and SVI with ip helpers to your DHCP server & scope built.



Regards, Alex. Please rate useful posts.

you mention the PC failed 802.1x or you meaning PC not support 802.1x?