Configuring the 802.1X critical VLAN on a port

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the 802.1X critical VLAN on the port. | dot1x critical vlan vlan-id | By default, no 802.1X critical VLAN is configured. |

Sending EAP-Success packets to users in the 802.1X critical VLAN
This feature is available in Release 1121 and later.
Typically, the device sends EAP-Failure packets to 802.1X clients when the client users are assigned
to the 802.1X critical VLAN. Some 802.1X clients, such as Windows built-in 802.1X clients, cannot
respond to the EAP-Request/Identity packets of the device if they have received an EAP-Failure
packet. As a result, reauthentication fails for these clients when an authentication server is
reachable.
This feature enables the device to send EAP-Success packets instead of EAP-Failure packets to
802.1X clients when the client users are assigned to the 802.1X critical VLAN. This operation
ensures that all 802.1X clients can perform reauthentication.
To configure the device to send an EAP-Success packet to an 802.1X client when its client user is
assigned to the critical VLAN on the port:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the device to send an EAP-Success packet to an 802.1X client when its client user is assigned to the critical VLAN on the port. | dot1x critical eapol | By default, the device sends an EAP-Failure packet to an 802.1X client when its client user is assigned to the critical VLAN on a port. |

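The following check is an added example, not part of the original guide: it scans a saved configuration for ports that have an 802.1X critical VLAN but lack dot1x critical eapol, the combination under which the device keeps the default EAP-Failure behavior described above. The configuration excerpt, port names and VLAN ID are constructed, and the block layout (unindented interface line, indented settings, # separators) is an assumption about how the configuration is saved.

```python
import re

# Constructed excerpt: interface blocks start at column 0, settings are
# indented, "#" separates blocks. Port names and the VLAN ID are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x
 dot1x critical vlan 100
 dot1x critical eapol
#
interface GigabitEthernet1/0/2
 dot1x critical vlan 100
#
interface GigabitEthernet1/0/3
 dot1x
#
interface GigabitEthernet1/0/4
 dot1x critical eapol
#
"""

def parse_interfaces(config_text):
    """Return {interface name: [setting lines]} for every interface block."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith((" ", "\t")) and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # "#" or any other top-level line ends the block
    return blocks

def audit_critical_vlan(config_text):
    """Classify ports by how the critical VLAN and EAP-Success settings combine."""
    findings = {"eap_failure_default": [], "eapol_without_vlan": [], "ok": {}}
    for name, lines in parse_interfaces(config_text).items():
        vlan = next((m.group(1) for line in lines
                     if (m := re.fullmatch(r"dot1x critical vlan (\d+)", line))), None)
        eapol = "dot1x critical eapol" in lines
        if vlan and eapol:
            findings["ok"][name] = int(vlan)       # critical VLAN plus EAP-Success
        elif vlan:
            findings["eap_failure_default"].append(name)  # default EAP-Failure applies
        elif eapol:
            findings["eapol_without_vlan"].append(name)   # no critical VLAN on the port
    return findings
```

Ports listed under eap_failure_default are the ones to review if clients such as the Windows built-in 802.1X client connect there.
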
Enabling the 802.1X critical voice VLAN
This feature is available in Release 1121 and later.
Configuration restrictions and guidelines
The feature does not take effect if the voice user has been in the 802.1X Auth-Fail VLAN.