Table 7 Relationships of the 802.1X Auth-Fail VLAN with other features
Feature
Super VLAN
MAC authentication guest
VLAN on a port that
performs MAC-based
access control
Port intrusion protection on
a port that performs
MAC-based access control
Configuration prerequisites
•
Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.
If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger.
•
If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
•
enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged
member. For more information about the MAC-based VLAN function, see Layer 2
Configuration Guide.
Configuration procedure
To configure an Auth-Fail VLAN:
Step
1.
Enter system view.
2.
Enter Ethernet interface
view.
3.
Configure the Auth-Fail
VLAN on the port.
Configuring an 802.1X critical VLAN
Configuration guidelines
•
Assign different IDs for the voice VLAN, the port VLAN, and the 802.1X critical VLAN on a port, so
the port can correctly process VLAN tagged incoming traffic.
You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on different
•
ports can be different.
You cannot specify a VLAN as both a super VLAN and an 802.1X critical VLAN. For information
•
about super VLANs, see Layer 2—LAN Switching Configuration Guide.
Relationship description
You cannot specify a VLAN as both a super
VLAN and an 802.1X Auth-Fail VLAN.
The 802.1X Auth-Fail VLAN has a high
priority.
The 802.1X Auth-Fail VLAN function has
higher priority than the block MAC action
but lower priority than the shut down port
action of the port intrusion protection
feature.
Command
system-view
interface interface-type
interface-number
dot1x auth-fail vlan
authfail-vlan-id
96
Reference
See Layer 2
Configuration Guide.
See
"Configuring MAC
authentication."
See
"Configuring port
Remarks
N/A
N/A
By default, no Auth-Fail VLAN is configured.
LAN Switching
—
security."
LAN Switching
—