Configuration procedure
To configure an 802.1X Auth-Fail VLAN:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Configure the 802.1X
Auth-Fail VLAN on the port.
Configuring an 802.1X critical VLAN
Configuration guidelines
When you configure an 802.1X critical VLAN, follow these restrictions and guidelines:
•
Assign different IDs to the port VLAN and the 802.1X critical VLAN on a port. The assignment
ensures that the port can correctly process VLAN-tagged incoming traffic.
•
You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on
different ports can be different.
•
You cannot specify a VLAN as both a super VLAN and an 802.1X critical VLAN. For information
about super VLANs, see Layer 2—LAN Switching Configuration Guide.
•
Make sure the VLAN to be specified as the 802.1X critical VLAN already exists.
Configuration procedure
To configure an 802.1X critical VLAN:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Configure the 802.1X critical
VLAN on the port.
Specifying supported domain name delimiters
By default, the access device supports the at sign (@) as the delimiter. You can also configure the
access device to accommodate 802.1X users who use other domain name delimiters. The
configurable delimiters include the at sign (@), backslash (\), dot (.), and forward slash (/).
Usernames that include domain names can use the format of username@domain-name,
domain-name\username, username.domain-name, or username/domain-name.
If an 802.1X username string contains multiple configured delimiters, the rightmost delimiter is the
domain name delimiter. For example, if you configure the backslash (\), dot (.), and forward slash (/)
as delimiters, the domain name delimiter for the username string 121.123/22\@abc is the backslash
(\). The username is @abc and the domain name is 121.123/22.
Command
system-view
interface interface-type
interface-number
dot1x auth-fail vlan
authfail-vlan-id
Command
system-view
interface interface-type
interface-number
dot1x critical vlan vlan-id
103
Remarks
N/A
N/A
By default, no 802.1X Auth-Fail
VLAN is configured.
Remarks
N/A
N/A
By default, no 802.1X critical
VLAN is configured.