Table of Contents
Advertisement
When 802.1X authentication is triggered on a port, the device performs the following operations:
1.
Sends a unicast EAP-Request/Identity packet to the MAC address that triggers the
authentication.
2.
Retransmits the packet if no response has been received within the username request timeout
interval set by using the dot1x timer tx-period command.
3.
Assigns the port to the 802.1X guest VLAN after the maximum number of request attempts set
by using the dot1x retry command is reached.
If you use the undo command without any keyword, the command disables both EAPOL-triggered
and new MAC-triggered 802.1X guest VLAN assignment delay on a port.
Examples
# Enable EAPOL-triggered 802.1X guest VLAN assignment delay on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x guest-vlan-delay eapol
Related commands
display dot1x
dot1x guest-vlan
dot1x retry
dot1x timer tx-period
dot1x guest-vsi
Use dot1x guest-vsi to configure an 802.1X guest VSI on a port.
Use undo dot1x guest-vsi to restore the default.
Syntax
dot1x guest-vsi guest-vsi-name
undo dot1x guest-vsi
Default
No 802.1X guest VSI exists on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
guest-vsi-name: Specifies the name of the 802.1X guest VSI on the port, a case-sensitive string of 1
to 31 characters.
Usage guidelines
An 802.1X guest VSI accommodates users that have not performed 802.1X authentication. Users in
the 802.1X guest VSI can access a limited set of network resources in the VXLAN associated with
this VSI. For example, an 802.1X user can access a software server to download anti-virus software
and system patches.
183
Advertisement
Table of Contents
