To disable the guest VLAN, use the
no dot1x guest-vlan
vlan-id
command.
Parameters
vlan-id
Enter the VLAN Identifier. The range is from 1 to 4094.
Defaults
Not configured.
Command
Modes
CONFIGURATION (
conf-if-interface-slot/port
)
Command
History
Version 9.2(0.0)
Introduced on the MXL 10/40GbE Switch IO Module.
Usage
Information
1X authentication is enabled when an interface is connected to the switch. If the
host fails to respond within a designated amount of time, the authenticator places
the port in the guest VLAN.
If a device does not respond within 30 seconds, it is assumed that the device is not
802.1X capable. Therefore, a guest VLAN is allocated to the interface and
authentication, for the device, occurs at the next reauthentication interval (
dot1x
reauthentication
).
If the host fails authentication for the designated number of times, the
authenticator places the port in authentication failed VLAN (
dot1x auth-fail-
vlan
).
NOTE: You can create the Layer 3 portion of a guest VLAN and authentication
fail VLANs regardless if the VLAN is assigned to an interface or not. After an
interface is assigned a guest VLAN (which has an IP address), routing through
the guest VLAN is the same as any other traffic. However, the interface may
join/leave a VLAN dynamically.
Related
Commands
•
dot1x auth-fail-vlan
— Configures an authentication failure VLAN.
•
dot1x reauthentication
— Enables periodic re-authentication of the client.
•
dot1x reauth-max
— Configure the maximum number of times to re-
authenticate a port before it becomes unauthorized.
dot1x host-mode
Enable single-host or multi-host authentication.
Syntax
dot1x host-mode {single-host | multi-host | multi-auth}
Parameters
single-host
Enable single-host authentication.
multi-host
Enable multi-host authentication.
multi-auth
Enable multi-supplicant authentication.
802.1X
129