Guest-vlan
Hi,
*dot1x guest-vlan supplicant* is required to be globally configured on the switch to be able to place supplicants that don't complete authentication on the port into the Guest VLAN. This means that an EAPoL Start is seen on the wire from the supplicant but then, because of the absence of certificate(s), the supplicant doesn't respond to EAP Request ID frames from the switch. The situation enters a weird state of silence and this is when that command enables the switch to place the port into the guest-VLAN after a timeout period and hence the statement “the switch maintains the EAPOL packet history”.
AFAIK, guest VLAN and authfail VLAN configurations are mutually exclusive. One doesn't affect the behaviour of the other. Guest VLAN is pertinent to hosts without supplicants (with the exception of the case aforementioned) and authfail VLAN pertains to supplicants that actually fail authentication due to either expired credentials or any other reason.
BUT, I can't remember off the top of my head right now, an IOS version of the 3550 doesn't support authfail (as you have mentioned). However, I have not labbed this up to see that the guest VLAN would cater for hosts failing authentication as well. You might want to check this up.
HTH, Sadiq
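A configuration sketch of the two features discussed above, added here as an illustration and not part of the original post. The VLAN numbers, interface name, RADIUS address and timer value are assumptions, and it presumes an IOS release that supports both the guest and auth-fail VLAN commands.

```cisco
! Added example: VLAN IDs, interface, server address and timer are assumed values.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 key <shared-secret>
!
! Enable 802.1X globally.
dot1x system-auth-control
!
! Without this global command, a port that has seen any EAPOL frame
! (for example an EAPOL-Start from a supplicant that then goes silent)
! is not moved to the guest VLAN and stays unauthorized.
dot1x guest-vlan supplicant
!
vlan 10
 name GUEST
vlan 20
 name AUTHFAIL
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 ! Hosts with no supplicant (no response to EAP-Request/Identity) land here.
 dot1x guest-vlan 10
 ! Supplicants that respond but are rejected by RADIUS land here.
 dot1x auth-fail vlan 20
 dot1x auth-fail max-attempts 3
 ! Shorter retransmit interval so the guest VLAN timeout is reached sooner.
 dot1x timeout tx-period 10
```

Keeping the guest and auth-fail VLANs separate lets each be filtered on its own: `show dot1x interface FastEthernet0/1` shows the configured VLANs and `show vlan brief` shows which VLAN the port actually ended up in after the timeout or the failed attempts.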