Authenticator commands, Dot1x intrusion-action, Dot1x max-reauth-req – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

175

53-1002651-02

9

802.1X Port Authentication

Authenticator Commands

dot1x intrusion-action

This command sets the port’s response to a failed authentication, either to block all traffic, or to
assign all traffic for the port to a guest VLAN. Use the no form to reset the default.

Syntax

dot1x intrusion-action {block-traffic | guest-vlan}

no dot1x intrusion-action

block-traffic - Blocks traffic on this port.

guest-vlan - Assigns the user to the Guest VLAN.

Default
block-traffic

Command Mode
Interface Configuration

Command Usage
For guest VLAN assignment to be successful, the VLAN must be configured and set as active (see
the

vlan database

command) and assigned as the guest VLAN for the port (see the

network-access

guest-vlan

command).

Example

Console(config)#interface eth 1/2

Console(config-if)#dot1x intrusion-action guest-vlan

Console(config-if)#

dot1x max-reauth-req

This command sets the maximum number of times that the switch sends an EAP-request/identity
frame to the client before restarting the authentication process. Use the no form to restore the
default.

Syntax

dot1x max-reauth-req count

no dot1x max-reauth-req

count – The maximum number of requests (Range: 1-10)

Default
2

Command Mode
Interface Configuration

Example

Console(config)#interface eth 1/2

Console(config-if)#dot1x max-reauth-req 2