• If the 802.1X-enabled port performs MAC-based access control, perform the following operations
for the port:
  ◦ Configure the port as a hybrid port.
  ◦ Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
    feature, see Layer 2—LAN Switching Configuration Guide.
  ◦ Assign the port to the Auth-Fail VLAN as an untagged member.
Configuration procedure
To configure an 802.1X Auth-Fail VLAN:
| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the 802.1X Auth-Fail VLAN on the port. | dot1x auth-fail vlan authfail-vlan-id | By default, no 802.1X Auth-Fail VLAN is configured. |
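The prerequisites and the three-step procedure above combined into one session, as an added example that is not taken from the original guide. VLAN 100 and port GigabitEthernet1/0/1 are assumed values, the prerequisite and display commands are standard Comware commands that this page does not show, and 802.1X is assumed to be already enabled globally and on the port.

```text
# Added example. VLAN 100 and GigabitEthernet1/0/1 are assumed values.
# Lines starting with "#" are annotations, not commands.

# Prerequisite: create the VLAN that will serve as the Auth-Fail VLAN.
system-view
vlan 100
quit

# Prerequisites for a port that performs MAC-based access control:
# hybrid link type, MAC-based VLAN enabled, untagged member of the VLAN.
interface gigabitethernet 1/0/1
port link-type hybrid
mac-vlan enable
port hybrid vlan 100 untagged

# Step 3 of the procedure: configure the Auth-Fail VLAN on the port.
dot1x auth-fail vlan 100
quit

# Check the resulting 802.1X settings of the port.
display dot1x interface gigabitethernet 1/0/1
```

Any device that fails 802.1X authentication on this port is placed in VLAN 100, so restrict that VLAN to the resources such users are meant to reach.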
Configuring an 802.1X critical VLAN
Configuration guidelines
When you configure an 802.1X critical VLAN, follow these restrictions and guidelines:
• Assign different IDs to the voice VLAN, the PVID, and the 802.1X critical VLAN on a port. Using
distinct IDs makes sure the port can correctly process VLAN-tagged incoming traffic.
• You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on different
ports can be different.
Configuration prerequisites
Before you configure an 802.1X critical VLAN, complete the following tasks:
• Create the VLAN to be specified as a critical VLAN.
• If the 802.1X-enabled port performs MAC-based access control, perform the following operations
for the port:
  ◦ Configure the port as a hybrid port.
  ◦ Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
    feature, see Layer 2—LAN Switching Configuration Guide.
  ◦ Assign the port to the 802.1X critical VLAN as an untagged member.
Configuration procedure
To configure an 802.1X critical VLAN: