536 802.1x Commands
Example
The following command enables sending traps when a MAC address was failed in authentication of the
802.1X MAC authentication access control.
dot1x radius-attributes vlan
The dot1x radius-attributes vlan Interface Configuration mode command enables user-based VLAN
assignment. Use the no form of this command to disable user-based VLAN assignment.
Syntax
• dot1x radius-attributes vlan
• no dot1x radius-attributes vlan
Default Configuration
Disabled.
Command Mode
Interface configuration (Ethernet) mode
User Guidelines
• The
dot1x radius-attributes vlan
command configuration is allowed only when the port is Forced
Authorized.
• RADIUS attributes are supported only in the multiple sessions mode (multiple hosts with
authentication).
• When RADIUS attributes are enabled and the RADIUS Accept message does not contain as an
attribute the supplicant’s VLAN, then the supplicant is rejected.
• Packets to the supplicant are sent untagged.
• After successful authentication the port remains member in the unauthenticated VLANs and in the
Guest VLAN. Other static VLAN configuration is not applied on the port.
• If the supplicant VLAN does not exist on the switch, the supplicant is rejected.
Examples
The following command enables user-based VLAN assignment.
console config-if(Config)# dot1x traps mac-authentication failure
console config-if(Config)# dot1x radius-attributes vlan
book.book Page 536 Thursday, December 18, 2008 7:40 PM
To Next Page
Loading...
Need help?
General
Weight and Dimensions
