H3C S6812 Series Command Reference Manual page 1776

If this mode is used, the user-name-format command configured in RADIUS scheme view
does not take effect. For more information about the user-name-format command, see
"RADIUS commands."
If RADIUS authentication is used, you must configure the access device to use the same
authentication method (PAP, CHAP, or EAP) as the RADIUS server.
Examples
# Enable the access device to terminate EAP packets and perform PAP authentication with the
RADIUS server.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Related commands
display dot1x
dot1x auth-fail vlan
Use dot1x auth-fail vlan to configure an 802.1X Auth-Fail VLAN on a port.
Use undo dot1x auth-fail vlan to restore the default.
Syntax
dot1x auth-fail vlan authfail-vlan-id
undo dot1x auth-fail vlan
Default
No 802.1X Auth-Fail VLAN exists on a port.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
authfail-vlan-id: Specifies the ID of the 802.1X Auth-Fail VLAN on the port. The value range for the
VLAN ID is 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
An 802.1X Auth-Fail VLAN accommodates users who have failed 802.1X authentication for any
reason other than unreachable servers. Users in the Auth-Fail VLAN can access a limited set of
network resources.
You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN on a port. For
more information about super VLANs, see Layer 2—LAN Switching Configuration Guide.
To delete a VLAN that has been configured as an 802.1X Auth-Fail VLAN, you must first use the
undo dot1x auth-fail vlan command.
Examples
# Configure VLAN 100 as the Auth-Fail VLAN on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x auth-fail vlan 100
8