Configuration Procedure; Configuring An 802.1X Critical Vlan; Configuration Guidelines; Configuration Prerequisites - HP FlexFabric 5700 Series Security Configuration Manual

If the 802.1X-enabled port performs MAC-based access control, perform the following operations
•
for the port:
Configure the port as a hybrid port.
Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
feature, see Layer 2—LAN Switching Configuration Guide.
Assign the port to the Auth-Fail VLAN as an untagged member.

Configuration procedure

To configure an 802.1X Auth-Fail VLAN:
Step
1. Enter system view.
2. Enter Ethernet interface view.
3. Configure the 802.1X
Auth-Fail VLAN on the port.

Configuring an 802.1X critical VLAN

Configuration guidelines

When you configure an 802.1X critical VLAN, follow these restrictions and guidelines:
• Assign different IDs to the voice VLAN, the PVID, and the 802.1X critical VLAN on a port. The
assignment makes sure the port can correctly process VLAN-tagged incoming traffic.
You can configure only one 802.1X critical VLAN on a port. The 802.1X critical VLANs on different
•
ports can be different.

Configuration prerequisites

Before you configure an 802.1X critical VLAN, complete the following tasks:
Create the VLAN to be specified as a critical VLAN.
•
If the 802.1X-enabled port performs MAC-based access control, perform the following operations
•
for the port:
Configure the port as a hybrid port.
Enable MAC-based VLAN on the port. For more information about the MAC-based VLAN
feature, see Layer 2—LAN Switching Configuration Guide.
Assign the port to the 802.1X critical VLAN as an untagged member.
Configuration procedure
To configure an 802.1X critical VLAN:
Command
system-view
interface interface-type
interface-number
dot1x auth-fail vlan authfail-vlan-id
88
Remarks
N/A
N/A
By default, no 802.1X Auth-Fail
VLAN is configured.