The following example shows how to configure Inaccessible Authentication Bypass:
Ruijie# configure terminal
Ruijie(config)# interface fa 0/1
Ruijie(config-if)# dot1x port-control auto
Ruijie(config-if)# dot1x critical
After IAB is enabled on the port and all servers become inaccessible:
IAB will take effect only if the globally configured 802.1x authentication method list contains only RADIUS
authentication method and all RADIUS servers have failed. If there are other authentication methods in the
list (such as local, none, etc), IAB won't take effect.
After globally enabling AAA multi-domain authentication, the globally configured authentication method list
won't be adopted during 802.1x user authentication. Since IAB will directly allow the user to pass
authentication without the need to enter username after the RADIUS servers in 802.1x authentication
method list have all failed, AAA multi-domain authentication will fail on this port.
IAB-authenticated users won't send accounting request to the accounting server.
Normally authenticated users won't be affected and can still access network.
With 802.1x IP authorization enabled globally, if there is authenticated user on the port, the other users on
this port cannot be authenticated in IAB mode.
With GSN address binding function enabled on the port, the user authenticated through the IAB cannot
access the network.
Configuring IAB Authentication with Switching VLAN
When 802.1x controlled port enters into IAB state, it won't be able to verify user's identity. You can assign this port to a
specific VLAN, and only allow the user to access network resources on this specific VLAN.
Execute the following steps to configure IAB authentication with switching VLAN:
To Next Page
Loading...
