Configuring An Auth-Fail Vlan - HP A5830 Series Configuration Manual

To do...

Configuring an Auth-Fail VLAN

Configuration guidelines
Follow these guidelines when you configure an 802.1X Auth-Fail VLAN:
Assign different IDs for the default VLAN and the 802.1X Auth-Fail VLAN on a port so the port can
•
correctly process VLAN tagged incoming traffic.
You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on
•
different ports can be different.
Use Table 7
•
Table 7 Relationships of the 802.1X Auth-Fail VLAN with other features
Feature
MAC authentication guest VLAN
on a port that performs MAC-
based access control
Port intrusion protection on a port
that performs MAC-based access
control
Configuration prerequisites
Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.
•
If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger.
•
If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid
•
port, enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an
untagged member. For more information about the MAC-based VLAN function, see Layer 2
Switching Configuration Guide.
To configure an Auth-Fail VLAN:
To do...
1. Enter system view.
Enter Ethernet interface view.
2.
3. Configure the Auth-Fail VLAN
on the port.
Use the command...
dot1x guest-vlan guest-vlan-id
when you configure multiple security features on a port.
Relationship description
The 802.1X Auth-Fail VLAN has a high
priority.
The 802.1X Auth-Fail VLAN function has
higher priority than the block MAC action
but lower priority than the shut down port
action of the port intrusion protection
feature.
Use the command...
system-view
interface interface-type interface-
number
dot1x auth-fail vlan authfail-vlan-
id
Remarks
Remarks
—
—
Required.
By default, no Auth-Fail VLAN is
configured.
82
Reference
See "Configuring MAC
authentication."
See "Configuring port
security."
—
LAN