89
To set the maximum number of 802.1X authentication attempts for MAC authentication users:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet interface
view.
interface interface-type
interface-number
N/A
3. Set the maximum number of
802.1X authentication attempts
for MAC authentication users.
dot1x attempts max-fail
unsuccessful-attempts
By default, an authenticated MAC
authentication user can retry
802.1X authentication until the
maximum number of authentication
attempts configured on the 802.1X
client is reached.
Configuring a VLAN group
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create a VLAN group and
enter its view.
vlan-group group-name By default, no VLAN group exists.
3. Add VLANs to the group.
vlan-list vlan-list
By default, a VLAN group does not
contain VLANs.
You can repeat this step to add VLANs.
Do not add a super VLAN to a VLAN
group. The device does not assign
super VLANs to 802.1X users.
Configuring an 802.1X guest VLAN
Configuration guidelines
Follow these guidelines when you configure an 802.1X guest VLAN:
• You can configure only one 802.1X guest VLAN on a port. The 802.1X guest VLANs on different
ports can be different.
• Assign different IDs to the voice VLAN, the port VLAN, and the 802.1X guest VLAN on a port, so
the port can correctly process incoming VLAN tagged traffic.
• With 802.1X authentication, a hybrid port is always assigned to a VLAN as an untagged member.
After the assignment, do not reconfigure the port as a tagged member in the VLAN.
• If 802.1X clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in
response to a VLAN change, the 802.1X users cannot access authorized network resources
immediately after an 802.1X authentication is complete. As a solution, remind the 802.1X users to
release their IP addresses or repair their network connections for a DHCP reassignment after
802.1X authentication is complete. The HP iNode client does not have this problem.
• Use Table 8 w
hen configuring multiple security features on a port.
To Next Page
Loading...
Need help?
General