10-18
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter10 Configuring 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Configuring a Guest VLAN
For switches running the EI, when you configure a guest VLAN, clients that are not 802.1x-capable are
put into the guest VLAN when the server does not receive a response to its EAPOL request/identity
frame. Clients that are 802.1x-capable but fail authentication are not gr anted access to the network. The
switch supports guest VLANs in single-host or multiple-hosts mode.
Beginning in privileged EXEC mode, follow these steps to configure a guest VLAN. This pro cedur e is
optional.
To disable and remove the guest VLAN, us e t he no dot1x guest-vlan interface conf igurat ion co mmand .
The port returns to the unauthorized state.
This example shows how to enable VLAN 9 as an 802.1x guest VLAN on a po rt:
Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x guest-vlan 9
This example shows how to set 3 as the quiet time on the switch, to set 15 as th e nu mber o f seco nds t hat
the switch waits for a response to an EAP-request/identity frame from the client before resending the
request, and to enable VLAN 2 as an 802.1x guest VLAN when an 802.1x port is connected to a DHCP
client:
Switch(config-if)# dot1x timeout quiet-period 3
Switch(config-if)# dot1x timeout tx-period 15
Switch(config-if)# dot1x guest-vlan 2
Resetting the 802.1x Configuration to the Default Values
Beginning in privileged EXEC mode, follow these steps to reset the 802.1x configuration to the default
values.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the interface to be configured, and enter interface configuration
mode. For the supported interface types, see the “802.1x Configuration
Guidelines” section on page 10-10.
Step3 dot1x guest-vlan vlan-id Specify an active VLAN as an 802.1x guest VLAN. The range is 1 to
4094.
Any VLAN can be configured as an 802.1x guest VLAN except RSPAN
VLANs or voice VLANs.
Step4 end Return to privileged EXEC mode.
Step5 show dot1x interface interface-id Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the interface to be configured, and enter interface configuration
mode.