118
view does not take effect. For more information about the user-name-format command, see
"RADIUS commands."
Some network access devices provide the EAP server function so you can use EAP relay even if the
RADIUS server does not support any EAP authentication method or no RADIUS server is available. Local
authentication supports PAP and CHAP.
If RADIUS authentication is used, you must configure the network access device to use the same
authentication method (PAP, CHAP, or EAP) as the RADIUS server.
Examples
# Enable the access device to terminate EAP packets and perform PAP authentication with the RADIUS
server.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Related commands
display dot1x
dot1x auth-fail vlan
Use dot1x auth-fail vlan to configure an 802.1X Auth-Fail VLAN on a port.
Use undo dot1x auth-fail vlan to restore the default.
Syntax
dot1x auth-fail vlan authfail-vlan-id
undo dot1x auth-fail vlan
Default
No 802.1X Auth-Fail VLAN is configured on a port.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
authfail-vlan-id: Specifies the ID of the 802.1X Auth-Fail VLAN on the port. The value range for the VLAN
ID is 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
An 802.1X Auth-Fail VLAN accommodates users who have failed 802.1X authentication for any other
reason than unreachable servers.
To delete a VLAN that has been configured as an 802.1X Auth-Fail VLAN, you must first use the undo
dot1x auth-fail vlan command.
For more information about the 802.1X Auth-Fail VLAN, see Security Configuration Guide.
Examples
# Configure VLAN 100 as the Auth-Fail VLAN on port GigabitEthernet 2/1/1.
<Sysname> system-view
To Next Page
Loading...
Need help?
General
