Re: dot1x posted 01/07/2008


* Joseph Saad wrote:
!!!! guest-vlan will be used if the client doesn't support dot1x (i.e. EAP
packets aren't detected)
    fail-auth VLAN will be used when the client fails authentication.

Thanks for the hint, I didn't know this feature exists (did my studies with 12.2(25)SEC).

aaa authen login CON none
aaa authen login VTY line

line con 0
login authen CON

line vty 0 15
login authen VTY

This reduces the risk of accidentally changing the default method
later and breaking requirements or locking yourself out.

!!! this obviously requires the definition of a "username U password p" statement ... but I could be stating the obvious.

A username entry in the local db is not needed; the VTY method uses the line password (assuming it was there in the initial config).
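
The dependencies discussed in this thread can be checked offline against a saved configuration. The script below is an added example, not part of the original post: it flags lines that rely on the default method list, reference an undefined list, use method "line" without a line password, or use method "local" without a username entry. It assumes sub-commands are indented by one space, as in show running-config output; the function name audit and the MGMT list are hypothetical.

```python
import re

# Constructed sample (not from the thread): the post's lists plus a hypothetical MGMT list.
SAMPLE = """\
aaa authentication login CON none
aaa authentication login VTY line
aaa authentication login MGMT local
line con 0
 login authentication CON
line vty 0 4
 password example-only
 login authentication VTY
line vty 5 14
 login authentication MGMT
line vty 15
"""

def audit(config):
    """Return findings for lines whose login method list cannot work as intended."""
    lists, lines, has_user, current = {}, [], False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            current = None  # any top-level command closes the line block
        m = re.match(r"aaa authen\S* login (\S+) (.+)", text)
        if m:
            lists[m.group(1)] = m.group(2).split()
        elif text.startswith("username "):
            has_user = True
        elif raw.startswith("line "):
            current = {"name": text, "list": "default", "password": False}
            lines.append(current)
        elif current is not None:
            m = re.match(r"login authen\S* (\S+)", text)
            if m:
                current["list"] = m.group(1)
            elif text.startswith("password "):
                current["password"] = True
    findings = []
    for ln in lines:
        methods = lists.get(ln["list"])
        if ln["list"] == "default":
            findings.append(f"{ln['name']}: relies on the default method list")
        elif methods is None:
            findings.append(f"{ln['name']}: list {ln['list']} is not defined")
        if methods and "line" in methods and not ln["password"]:
            findings.append(f"{ln['name']}: method 'line' but no line password")
        if methods and "local" in methods and not has_user:
            findings.append(f"{ln['name']}: method 'local' but no username entry")
    return findings
```

Both the full keywords and the abbreviated `authen` form used in the post are recognised.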