79
• If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
enable MAC-based VLAN on the port, and assign the port to the 802.1X guest VLAN as an
untagged member. For more information about the MAC-based VLAN function, see the Layer 2
—
LAN Switching Configuration Guide.
Configuration procedure
Follow these steps to configure an 802.1X guest VLAN:
To do… Use the command… Remarks
Enter system view
system-view —
Configure an
802.1X guest
VLAN for one or
more ports
In system view
dot1x guest-vlan guest-vlan-id
[ interface interface-list ]
Required
Use either approach.
By default, no 802.1X guest VLAN
is configured on any port.
In Layer 2
Ethernet
interface view
interface interface-type
interface-number
dot1x guest-vlan guest-vlan-id
Configuring an Auth-Fail VLAN
Configuration guidelines
Follow these guidelines when configuring an 802.1X Auth-Fail VLAN:
• Assign different IDs for the voice VLAN, default VLAN, and 802.1X guest VLAN on a port, so the
port can correctly process VLAN tagged incoming traffic.
• You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on
different ports can be different.
• Use Table 9 w
hen configuring multiple security features on a port.
Table 9 Relationships of the 802.1X Auth-Fail VLAN with other features
Feature Relationship description Reference
MAC authentication guest VLAN
on a port that performs
MAC-based access control
The 802.1X Auth-Fail VLAN has a high
priority.
The chapter "MAC
authentication
configuration"
Port intrusion protection on a port
that performs MAC-based access
control
The 802.1X Auth-Fail VLAN function has
higher priority than the block MAC action
but lower priority than the shut down port
action of the port intrusion protection
feature.
The chapter "Port Security
configuration"
Configuration prerequisites
• Create the VLAN to be specified as the 802.1X Auth-Fail VLAN
• If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger.
• If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged
To Next Page
Loading...
Need help?
General