Cisco Cisco IOS Software Release 12.4(2)XB6

When you configure a guest VLAN, clients that are not IEEE 802.1x-capable are put into the guest 
VLAN when the server does not receive a response to its EAP request/identity frame. Clients that are 
IEEE 802.1x-capable but that fail authentication are not granted network access. The switch supports 
guest VLANs in single-host or multiple-host mode.

For more information about this feature, see the following URL at:

You can limit network access for certain users by using VLAN assignment. After successful 802.1x 
authentication of a port, the RADIUS server sends the VLAN assignment to configure the port. The 
RADIUS server database maintains the username-to-VLAN mappings, which assigns the VLAN based 
on the user name of the client connected to the port.

For more information about this feature, see the following URL at:

Extensible Authentication Protocol (EAP) and TLS are both IETF RFC standards. The EAP protocol 
carries initial authentication information, specifically EAPOL (the encapsulation of EAP over LANs as 
established b y IEEE 802.1x)is an authentication protocol for the 802.1x framework for mutual 
authentication between the client and a RADIUS server. 

For more information about this feature, see the following URL at:

For information regarding the features supported in Cisco IOS Release 12.4T, see the Cross-Platform 
Release Notes and New Feature Documentation links at the following location on 

Cisco.com

: 

Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are 
the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious 
of these three severity levels.

Caveats in Cisco IOS Release 12.4(4)T are also in Cisco IOS Release 12.4(4)XC. For information on 
caveats in Cisco IOS Release 12.4T, see the 

Caveats for Cisco IOS Release 12.4(4)T

 document. This 

document lists severity 1 and 2 caveats; the documents are located on 

.