Displaying And Maintaining 802.1X - H3C S5120-EI Series Operation Manual


Configuration prerequisites
Create the VLAN to be specified as the Auth-Fail VLAN.
To configure a port-based Auth-Fail VLAN, make sure that the port access control method is
portbased, and the 802.1X multicast trigger function is enabled.
To configure a MAC-based Auth-Fail VLAN, make sure that the port access control method is
macbased and the MAC VLAN function is enabled on the port. For the MAC VLAN configuration,
refer to VLAN Configuration in the Access Volume.
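
The prerequisites above can be checked against a saved switch configuration before an Auth-Fail VLAN is relied on. The following is an added example, not part of the H3C manual. Assumptions: the sample configuration is constructed, and the command spellings dot1x port-method, undo dot1x multicast-trigger and mac-vlan enable, as well as the defaults (macbased access control, multicast trigger enabled), are assumed Comware behaviour that this page does not itself state.

```python
import re

# Constructed sample in the style of a Comware configuration dump (not from the page).
# Assumed: only non-default settings are listed; defaults are macbased + trigger on.
SAMPLE_CONFIG = """\
vlan 100
#
interface GigabitEthernet1/0/1
 dot1x port-method portbased
 dot1x auth-fail vlan 100
#
interface GigabitEthernet1/0/2
 dot1x port-method portbased
 undo dot1x multicast-trigger
 dot1x auth-fail vlan 100
#
interface GigabitEthernet1/0/3
 dot1x auth-fail vlan 200
#
interface GigabitEthernet1/0/4
 mac-vlan enable
 dot1x auth-fail vlan 100
"""

def audit_auth_fail_vlan(config):
    """Return {interface: [problems]} for every port that sets an Auth-Fail VLAN."""
    created = set(re.findall(r"^vlan (\d+)$", config, re.M))
    findings = {}
    for block in re.split(r"^#$", config, flags=re.M):
        lines = [line.strip() for line in block.strip().splitlines()]
        vlan = next((l.split()[-1] for l in lines if l.startswith("dot1x auth-fail vlan ")), None)
        if not lines or not lines[0].startswith("interface ") or vlan is None:
            continue
        problems = []
        if vlan not in created:
            problems.append("Auth-Fail VLAN %s has not been created" % vlan)
        if "dot1x port-method portbased" in lines:
            # Port-based Auth-Fail VLAN: the multicast trigger must stay enabled.
            if "undo dot1x multicast-trigger" in lines:
                problems.append("portbased port has the 802.1X multicast trigger disabled")
        elif "mac-vlan enable" not in lines:
            # MAC-based Auth-Fail VLAN: the MAC VLAN function must be on.
            problems.append("macbased port does not have the MAC VLAN function enabled")
        findings[lines[0].split(None, 1)[1]] = problems
    return findings

if __name__ == "__main__":
    for port, problems in audit_auth_fail_vlan(SAMPLE_CONFIG).items():
        print(port, "OK" if not problems else "; ".join(problems))
```
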
Configuration procedure
Follow these steps to configure an Auth-Fail VLAN:

To do...                                    Use the command...                          Remarks
Enter system view                           system-view                                 -
Enter Ethernet interface view               interface interface-type interface-number   -
Configure the Auth-Fail VLAN for the port   dot1x auth-fail vlan authfail-vlan-id       Required. By default, a port is configured with no Auth-Fail VLAN.

Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with only one Auth-Fail VLAN.

The Auth-Fail VLAN function and the free IP function in EAD fast deployment are mutually exclusive on a port.

If you configure both an MAFV for 802.1X authentication and an MGV for MAC authentication on a port, a newly generated MAFV entry for a user overwrites the MGV entry for the user, if any, but a newly generated MGV entry for a user does not overwrite the MAFV entry, if any.

The MAFV entry generated for a MAC address overwrites the existing blocked-MAC entry of that MAC address on the port. However, if the port is disabled by the intrusion protection function, the MAFV cannot take effect. For a description of how the intrusion protection function disables a port, refer to Port Security Configuration in the Security Volume.

If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and guest VLAN functions are configured on the access port, it is recommended that you configure different VLAN IDs for the voice VLAN, the default VLAN of the port, and the 802.1X guest VLAN. This ensures that these functions work normally.

Displaying and Maintaining 802.1X

To do...             Display 802.1X session information, statistics, or configuration information of specified or all ports
Use the command...   display dot1x [ sessions | statistics ] [ interface interface-list ]
Remarks              Available in any view
