Configuration Guide 802.1x Configuration
After it times out, with guest vlan configured on the port, the port switches to the guest vlan. However, during
the authentication, the response timeout for the server will not cause the MAB port in the guest vlan.
Configuring Dot1x MAC Authentication Bypass Violation
By default, with one MAC address authenticated in the MAB mode, data of all devices under the port are allowed to be
forwarded. However, in some safe applications, if only one MAC address is allowed for the MAB port by the administrator,
configure the MAB violation. With the MAB violation configured, once the port enters the MAB mode, the violation occurs if
there is more than one 1 Mac address for the port.
To configure the MAB violation on the interface, run the following commands:
Ruijie(config)#interface interface-id
Enter interface configuration mode.
Ruijie(config-if-type ID)#dot1x mac-auth-bypass
violation
Ruijie#show running-config
Following example shows how to configure the MAB violation.
Ruijie# configure terminal
Ruijie(config)# interface fa 0/1
Ruijie(config-if)# dot1x mac-auth-bypass violation
Use the erridisable recover command to restore the MAB violation port.
The same MAC address for the port in the private vlan appears in the primary and the secondary VLAN
simultaneously, so the MAB authentication violation shall not be configured on the port in the private vlan. Or
it will lead to the MAB violation judgment error and influence the normal use.
Configuring Dot1x Auth-Fail VLAN
With the auth-fail vlan configured on the switch, when the user authentication on the port fails, the port enters to the
auth-fail vlan pre-configured.
To configure the auth-fail VLAN in interface configuration mode, run the following commands:
Ruijie(config)#interface interface-id
Enter interface configuration mode.
Ruijie(config-if-type ID)#dot1x auth-fail vlan vid
Set the auth-fail VLAN on the interface.
Following example shows how to configure the auth-fail VLAN.
To Next Page
Loading...
