Dot1X Auth-Fail Vlan - H3C S3100 Series Command Manual

Use the undo dot1x authentication-method command to revert to the default 802.1x authentication
method.
The default 802.1x authentication method is CHAP.
PAP applies a two-way handshaking procedure. In this method, passwords are transmitted in plain text.
CHAP applies a three-way handshaking procedure. In this method, user names are transmitted rather
than passwords. Therefore this method is safer.
In EAP authentication, a switch authenticates supplicant systems by encapsulating 802.1x
authentication information in EAP packets and sending the packets to the RADIUS server, instead of
converting the packets into RADIUS packets before forwarding to the RADIUS server. You can use EAP
authentication in one of the four sub-methods: PEAP, EAP-TLS, EAP-TTLS and EAP-MD5.
Related command: display dot1x.
When the current device operates as the authentication server, EAP authentication is unavailable.
Example
# Specify the authentication method to be PAP.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x authentication-method pap

dot1x auth-fail vlan

Syntax
dot1x auth-fail vlan authfail-vlan-id
undo dot1x auth-fail vlan
View
Ethernet interface view
Parameters
authfail-vlan-id: ID of the Auth-Fail VLAN for the port, in the range of 1 to 4094. The VLAN must already
exist.
Descriptions
Use the dot1x auth-fail vlan command to configure the Auth-Fail VLAN for a port, that is, the VLAN for
users failing authentication.
Use the undo dot1x auth-fail vlan command to restore the default.
By default, no Auth-Fail VLAN is configured on a port.
Note that:
Currently, only the S3100-EI series support the two commands.
1-6