If the 802.1X-enabled port performs MAC-based access control, perform the following operations
•
for the port:
Configure the port as a hybrid port.
Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
feature, see Layer 2—LAN Switching Configuration Guide.
Assign the port to the Auth-Fail VLAN as an untagged member.
Configuration procedure
To configure an 802.1X Auth-Fail VLAN:
Step
1.
Enter system view.
2.
Enter Ethernet interface view.
3.
Configure the 802.1X
Auth-Fail VLAN on the port.
Configuring an 802.1X critical VLAN
Configuration guidelines
When you configure an 802.1X critical VLAN, follow these restrictions and guidelines:
•
Assign different IDs to the voice VLAN, the PVID, and the 802.1X critical VLAN on a port. The
assignment makes sure the port can correctly process VLAN-tagged incoming traffic.
You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on different
•
ports can be different.
Configuration prerequisites
Before you configure an 802.1X critical VLAN, complete the following tasks:
Create the VLAN to be specified as a critical VLAN.
•
If the 802.1X-enabled port performs MAC-based access control, perform the following operations
•
for the port:
Configure the port as a hybrid port.
Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
feature, see Layer 2—LAN Switching Configuration Guide.
Assign the port to the 802.1X critical VLAN as an untagged member.
Configuration procedure
To configure an 802.1X critical VLAN:
Command
system-view
interface interface-type
interface-number
dot1x auth-fail vlan authfail-vlan-id
88
Remarks
N/A
N/A
By default, no 802.1X Auth-Fail
VLAN is configured.