Cisco Systems OL-6244-01

2-487

Catalyst 6500 Series Switch Command Reference—Release8.4

OL-6244-01

Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands set port dot1x

•The authentication failure VLAN is supported only in the single-authentication mode (the default

port mode).

•The authentication failure VLAN is not supported on a p ort that is c onfigure d as a uni dir ect iona l

port.

•The supplicant’s MAC address is added to the CAM table and only its MAC address is allowed on

the authentication failure VLAN port. Any new MAC address that appears on the port is treated as

a security violation.

•The authentication failure VLAN port cannot be part of an RSPAN VLAN or a private VLAN.

•On multiple VLAN access ports (MVAPs), the authentication failure VLAN and the auxiliary VLAN

cannot be the same.

•The authentication failure VLAN and port security features do not conflict with each other. Additionally,

other security fe atur es su ch as Dynamic ARP Inspection (DAI), Dynamic Host Configuration Protocol

(DHCP) snooping, and IP source guard can be enabled and disabled independently on the authentication

failure VLAN.

•The authentication failure VLAN is independent of the guest VLAN. Howe v er , t he guest VL AN can

be the same VLAN a s the authentica t io n failure VLAN. If you do not want to differentiate between

the non-802.1X-capable hosts and the authentication-failed hosts, you may configure both to the same

VLAN (either a guest VLAN or an authentication failure VLAN).

•High availability is supported with the authentication failure VLAN.

Examples This example shows how to set the port control type automatically:

Console> (enable) set port dot1x 4/1 port-control auto

Port 4/1 dot1x port-control is set to auto.

Console> (enable)

This example shows how to initialize 802.1X on a port:

Console> (enable) set port dot1x 4/1 initialize

dot1x port 4/1 initializing...

dot1x initialized on port 4/1.

Console> (enable)

This example shows how to manually reauthenticate a port:

Console> (enable) set port dot1x 4/1 re-authenticate

dot1x port 4/1 re-authenticating...

dot1x re-authentication successful...

dot1x port 4/1 authorized.

Console> (enable)

This example shows how to enable multiple-user access on a specific port:

Console> (enable) set port dot1x 4/1 multiple-host enable

Multiple hosts allowed on port 4/1.

Console> (enable)

This example shows how to enable automatic reauthentication on a port:

Console> (enable) set port dot1x 4/1 re-authentication enable

Port 4/1 re-authentication enabled.

Console> (enable)