Configuration procedure
Follow these steps to configure an Auth-Fail VLAN:

To do...                                   Use the command...                          Remarks
Enter system view                          system-view                                 —
Enter Ethernet interface view              interface interface-type interface-number   —
Configure the Auth-Fail VLAN for the port  dot1x auth-fail vlan authfail-vlan-id       Required. By default, a port is configured with no Auth-Fail VLAN.

Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with only one Auth-Fail VLAN.
The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC entry of the MAC address on the port. But if the port is disabled by the intrusion protection function, the MAFV cannot take effect. For a description of the intrusion protection function of disabling a port, refer to Port Security Configuration in the Security Volume.
Displaying and Maintaining 802.1X

To do...                                                                                                Use the command...                                                    Remarks
Display 802.1X session information, statistics, or configuration information of specified or all ports  display dot1x [ sessions | statistics ] [ interface interface-list ]  Available in any view
Clear 802.1X statistics                                                                                 reset dot1x statistics [ interface interface-list ]                   Available in user view

802.1X Configuration Example
Network requirements
Use the macbased access control method on port GigabitEthernet 2/0/1 to control clients.
All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUS authentication is performed first, and local authentication is used when no response is received from the RADIUS server. If RADIUS accounting fails, the device takes users offline.
A server group with two RADIUS servers is connected to the device. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary authentication/secondary accounting server, and the latter as the secondary authentication/primary accounting server.
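
The admission logic implied by the network requirements above, modelled as an added example (not code from the original manual or the device). The reply strings, the local user table and the class and function names are constructed for illustration. The model assumes that an explicit RADIUS reject is final and that RADIUS accounting applies only to RADIUS-authenticated sessions; the page states neither.

```python
from dataclasses import dataclass, field

# Server roles from the network requirements.
AUTH_SERVERS = ["10.1.1.1", "10.1.1.2"]   # primary, secondary authentication
ACCT_SERVERS = ["10.1.1.2", "10.1.1.1"]   # primary, secondary accounting
MAX_USERS = 30                            # capacity of domain aabbcc.net


def first_reply(servers, replies):
    """Return (server, reply) for the first server that answers, else None.
    `replies` maps server IP -> reply string; a missing key models a timeout."""
    for ip in servers:
        if ip in replies:
            return ip, replies[ip]
    return None


@dataclass
class Domain:
    local_users: dict                     # constructed local user database
    online: set = field(default_factory=set)

    def login(self, user, password, auth_replies, acct_replies):
        """Decide one login attempt; returns (decision, reason)."""
        if len(self.online) >= MAX_USERS:
            return "deny", "domain user limit reached"
        answer = first_reply(AUTH_SERVERS, auth_replies)
        if answer is None:
            # Local authentication is used only when no RADIUS server replies.
            if self.local_users.get(user) != password:
                return "deny", "local authentication failed"
            method = "local"
        else:
            ip, reply = answer
            # Assumption: a reject is final and never falls through to local.
            if reply != "accept":
                return "deny", f"rejected by {ip}"
            acct = first_reply(ACCT_SERVERS, acct_replies)
            if acct is None or acct[1] != "ok":
                # RADIUS accounting failure takes the user offline.
                return "deny", "accounting failed"
            method = f"radius {ip}"
        self.online.add(user)
        return "permit", method
```

The case worth checking on a real deployment is the one the model makes explicit: local fallback must trigger on silence from both servers, never on a reject, otherwise a local account becomes a way around the RADIUS policy.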