Re: dot1x posted 01/07/2008
!!!! guest-vlan will be used if the client doesn't support dot1x (i.e. EAP packets aren't detected) fail-auth VLAN will be used when client fails authentication.
aaa authen login CON none aaa authen login VTY line
line con0 login authen CON
line vty 0 15 login authen VTY
This reduces the risk when accidentally changing the default method later and break requirements or lock yourself out.
!!! this obviously require the definition of "username U password p" statement ... but I could be stating the obvious.