818 802.1x Commands
client is authenticated and is undisturbed by the failure condition(s). The
reasons for failure are logged and buffered into the local logging database such
that the operator can track the failure conditions.
RADIUS-based Dynamic VLAN Assignment
If VLAN assignment is enabled in the RADIUS server then as part of the
response message, the RADIUS server sends the VLAN ID which the client is
requested to use in the 802.1x tunnel attributes. If dynamic VLAN creation is
enabled on the switch and the RADIUS assigned VLAN does not exist, then
the assigned VLAN is dynamically created. This implies that the client can
connect from any port and be assigned to the appropriate VLAN. This gives
flexibility for clients to move around the network with out requiring the
operator to perform additional provisioning for each network interface.
Commands in this Chapter
This chapter explains the following commands:
dot1x dynamic-vlan enable dot1x timeout guest-vlan-
period
show dot1x clients
dot1x mac-auth-bypass dot1x timeout quiet-period show dot1x interface
dot1x max-req dot1x timeout re-
authperiod
show dot1x statistics
dot1x max-users dot1x timeout server-
timeout
show dot1x users
dot1x port-control dot1x timeout supp-
timeout
clear dot1x
authentication–history
dot1x re-authenticate dot1x timeout tx-period
dot1x reauthentication show dot1x
dot1x system-auth-control
monitor
show dot1x authentication-
history
2CSPC4.XCT-SWUM2XX1.book Page 818 Monday, October 3, 2011 11:05 AM