Configuration Guide 802.1x Configuration
Ruijie# configure terminal
Ruijie(config)# interface fa 0/1
Ruijie(config-if)# dot1x auth-fail vlan 2
If the configured vlan is inexistent, the vlan will be created dynamically when the port enters the auth-fail vlan,
and will be auto-removed when the port exits from the auth-fail vlan.
If the port is down, it will exit from the auth-fail vlan automatically.
It allows setting the auth-fail vlan and the guest vlan in the same VLAN.
In the port mode and in the auth-fail vlan, it only allows the last-auth-fail user for the re-auth, and the
auth-requests of other users are dropped. This restriction is not applicable for the MAC mode.
The auth-fail vlan does not support private vlan. That is, the private vlan cannot be set as the dot1x auth-fail
vlan.
When the GSN address binding function is enabled on the port, the auth-fail user cannot access the network.
Configuring Dot1x Auth-Fail Max-Attempt
Fail-VLAN is entered only after the client fails to pass authentication for certain times. To configure the auth-fail
max-attempt times, run the following commands:
Set the auth-fail max-attempt times, the default value is 3
and the valid range is 1-3.
Following example shows how to configure the auth-fail max-attempt value.
Ruijie# configure terminal
Ruijie(config)# dot1x auth-fail max-attempt 2
Configuring Inaccessible Authentication Bypass
When all RADIUS servers configured on the switch are inaccessible, the user's authentication request won't receive any
reply, and the administrator won't be able to verify user's identity. From the perspective of user, if no other authentication
method is configured on the switch, it won't be able to access the network. To ensure that the new authenticated user can
access network, Inaccessible Authentication Bypass (IAB) can be configured on the port.
To Next Page
Loading...
