Dot1X Auth-Fail Vlan - H3C S5120-SI Series Command Reference Manual
Hide thumbs
Also See for S5120-SI Series:
- Configuration manual (745 pages) ,
- Operation manual (697 pages) ,
- Command reference manual (209 pages)
Table of Contents
Advertisement
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] interface gigabitethernet 1/0/5
[Sysname-GigabitEthernet1/0/5] dot1x
[Sysname-GigabitEthernet1/0/5] quit
[Sysname] interface gigabitethernet 1/0/6
[Sysname-GigabitEthernet1/0/6] dot1x
[Sysname-GigabitEthernet1/0/6] quit
[Sysname] interface gigabitethernet 1/0/7
[Sysname-GigabitEthernet1/0/7] dot1x
# Enable 802.1X globally.
<Sysname> system-view
[Sysname] dot1x
dot1x auth-fail vlan
Syntax
dot1x auth-fail vlan authfail-vlan-id
undo dot1x auth-fail vlan
View
Ethernet interface view
Default Level
2: System level
Parameters
authfail-vlan-id: ID of the Auth-Fail VLAN for the port, in the range of 1 to 4094. The VLAN must already
exist.
Descriptions
Use the dot1x auth-fail vlan command to configure the Auth-Fail VLAN for a port, that is, the VLAN for
users failing authentication.
Use the undo dot1x auth-fail vlan command to restore the default.
By default, no Auth-Fail VLAN is configured on a port.
An Auth-Fail VLAN can be a port-based Auth-Fail VLAN (PAFV) or a MAC-based Auth-Fail VLAN
(MAFV), depending on the port access control method.
Currently, on the switch, An Auth-Fail VLAN can be only a port-based Auth-Fail VLAN (PAFV).
Note that:
Note that failing authentication means being denied by the authentication server due to reasons
such as wrong password. Authentication failures caused by authentication timeout or network
connection problems do not fall into this category.
1-5
Advertisement
Chapters
Table of Contents
