80
member. For more information about the MAC-based VLAN function, see the Layer 2
—
LAN
Switching Configuration Guide.
Follow these steps to configure an Auth-Fail VLAN:
To do… Use the command… Remarks
Enter system view
system-view —
Enter Layer 2 Ethernet interface
view
interface interface-type
interface-number
—
Configure the Auth-Fail VLAN on
the port
dot1x auth-fail vlan authfail-vlan-id
Required
By default, no Auth-Fail VLAN is
configured.
Configuring an 802.1X critical VLAN
Configuration guidelines
• Assign different IDs for the voice VLAN, the port VLAN, and the 802.1X critical VLAN on a port, so
the port can correctly process VLAN tagged incoming traffic.
• You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on different
ports can be different.
Configuration prerequisites
• Create the VLAN to be specified as a critical VLAN.
• If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger
(dot1x multicast-trigger).
• If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged
member. For more information about the MAC-based VLAN function, see Layer 2
—
LAN Switching
Configuration Guide.
Configuration procedure
Follow these steps to configure an 802.1X critical VLAN:
To do… Use the command… Remarks
Enter system view
system-view —
Enter Layer 2 Ethernet interface
view
interface interface-type
interface-number
—
Configure an 802.1X critical
VLAN on the port
dot1x critical vlan vlan-id
Required
By default, no critical VLAN is
configured.
Configure the port to trigger
802.1X authentication on
detection of a reachable
authentication server for users in
the critical VLAN
dot1x critical recovery-action
reinitialize
Optional
By default, when a reachable
RADIUS server is detected, the
system removes the port or 802.1X
users from the critical VLAN
without triggering authentication.
To Next Page
Loading...
