99
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Ethernet interface
view.
interface
interface-type
interface-number
N/A
3. Configure the Auth-Fail
VLAN on the port.
dot1x auth-fail vlan
authfail-vlan-id
By default, no Auth-Fail VLAN is configured.
Configuring an 802.1X critical VLAN
Configuration guidelines
• 802.1X critical VLAN is not supported on a port that performs MAC-based access control.
• Assign different IDs for the voice VLAN, the port VLAN, and the 802.1X critical VLAN on a port,
so the port can correctly process VLAN tagged incoming traffic.
• You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on
different ports can be different.
• You cannot specify a VLAN as both a super VLAN and an 802.1X critical VLAN. For information
about super VLANs, see HPE FlexNetwork MSR Router Series Comware 5 Layer 2—LAN
Switching Configuration Guide.
Configuration prerequisites
• Create the VLAN to be specified as a critical VLAN.
• If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger
(dot1x multicast-trigger).
Configuration procedure
To configure an 802.1X critical VLAN:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Configure an 802.1X critical
VLAN on the port.
dot1x critical vlan
vlan-id
By default, no critical VLAN is
configured.
4. Configure the port to trigger
802.1X authentication on
detection of a reachable
authentication server for
users in the critical VLAN.
dot1x critical recovery-action
reinitialize
Optional.
By default, when a reachable
RADIUS server is detected, the
system removes the port or
802.1X users from the critical
VLAN without triggering
authentication.
To Next Page
Loading...
