beautypg.com

Command list, Auth auth-fail vlan, Command list auth auth-fail vlan – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1129

background image

Authentication Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

43.3

Command List

This chapter provides an alphabetical reference for Authentication commands.

auth auth-fail vlan

Use this command to enable the auth-fail vlan feature on the specified vlan interface. This
feature assigns supplicants (client devices), which have failed port authentication, to the
specified VLAN interface.

Use the no variant of this command to disable the auth-fail vlan feature for a specified
VLAN interface.

Syntax

auth auth-fail vlan <1-4094>

no auth auth-fail vlan

Default

The auth-fail vlan feature is disabled by default.

Mode

Interface Configuration for a static channel, a dynamic (LACP) channel group, or a switch
port.

Usage

Use the auth-fail vlan feature when using Web-authentication instead of the Guest VLAN
feature, when you need to separate networks where one supplicant (client device)
requires authentication and another supplicant does not require authentication from the
same interface.

This is because the DHCP lease time using the Web authentication feature is shorter, and
the auth fail vlan feature enables assignment to a different VLAN if a supplicant fails
authentication.

When using 802.1X port authentication, use a

dot1x max-auth-fail

command to set the

maximum number of login attempts. Three login attempts are allowed by default for
802.1X port authentication before supplicants trying to authenticate are moved from the
Guest VLAN to the auth-fail VLAN. See the

“dot1x max-auth-fail” on page 41.9

for

command information.

See the section

“Failed Authentication VLAN” on page 42.29

in

Chapter 42,

Authentication Introduction and Configuration

for further overview information about

the auth-fail VLAN feature, which allows the Network Administrator to separate the
supplicants who attempted authentication, but failed, from the supplicants who did not
attempt authentication.

Parameter

Description

<1-4094>

Assigns the VLAN ID to any supplicants that have failed port
authentication.

See also other documents in the category Allied Telesis Computer hardware: