R2511-HP MSR Router Series Security Command Reference(V5)
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] dot1x auth-fail vlan 3
Related commands
• dot1x
• dot1x port-method
dot1x critical vlan
Use dot1x critical vlan to configure an 802.1X critical VLAN on a port for users that fail 802.1X
authentication because all the RADIUS servers in their ISP domains have been unreachable.
Use undo dot1x critical vlan to restore the default.
Syntax
dot1x critical vlan vlan-id
undo dot1x critical vlan
Default
No critical VLAN is configured on any port.
Views
Layer 2 Ethernet interface view
Default command level
2: System level
Parameters
vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Make sure the VLAN has been created and is
not a super VLAN. For more information about super VLANs, see Layer 2—LAN Switching Configuration
Guide.
Usage guidelines
You can configure only one critical VLAN on a port. The MAC authentication critical VLANs on different
ports can be different.
When you change the access control method from port-based to MAC-based on a port that is in a critical
VLAN, the port is removed from the critical VLAN. The device does not support critical VLAN on a port
that implements MAC-based access control.
To delete a VLAN that has been configured as an 802.1X critical VLAN, you must perform the undo
dot1x critical vlan command first.
Examples
# Specify VLAN 3 as the 802.1X critical VLAN on port Ethernet 1/1.
<Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] dot1x critical vlan 3
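A configuration check based on the parameter description and usage guidelines above, added here as an example and not part of the HP reference: it flags ports where dot1x critical vlan names a VLAN that has not been created, or where the port uses MAC-based access control. The sample configuration is constructed; the stanza layout (unindented stanza headers, indented settings), the function name, and the MAC-based default for ports without a dot1x port-method line are assumptions.

```python
import re

# Constructed sample in the style of a saved device configuration (not from the page).
SAMPLE_CONFIG = """\
vlan 3
#
interface Ethernet1/1
 dot1x port-method portbased
 dot1x critical vlan 3
#
interface Ethernet1/2
 dot1x port-method macbased
 dot1x critical vlan 3
#
interface Ethernet1/3
 dot1x port-method portbased
 dot1x critical vlan 20
"""

def audit_critical_vlans(config, default_method="macbased"):
    """Return sorted (interface, problem) pairs; default_method is an assumption."""
    vlans, ports, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented line starts a new stanza
            current = None
            m = re.fullmatch(r"vlan (\d+)(?: to (\d+))?", line)
            if m:                            # "vlan N" or "vlan N to M"
                lo = int(m.group(1))
                vlans.update(range(lo, int(m.group(2) or lo) + 1))
            m = re.fullmatch(r"interface (\S+)", line)
            if m:
                current = ports.setdefault(m.group(1), {"method": default_method, "crit": None})
        elif current is not None:            # indented setting inside an interface stanza
            m = re.fullmatch(r"dot1x port-method (macbased|portbased)", line)
            if m:
                current["method"] = m.group(1)
            m = re.fullmatch(r"dot1x critical vlan (\d+)", line)
            if m:
                current["crit"] = int(m.group(1))
    findings = []
    for name, p in ports.items():
        if p["crit"] is None:
            continue
        if p["crit"] not in vlans:
            findings.append((name, "critical VLAN %d has not been created" % p["crit"]))
        if p["method"] != "portbased":
            findings.append((name, "critical VLAN set but access control is MAC-based"))
    return sorted(findings)
```

Calling audit_critical_vlans(SAMPLE_CONFIG) reports Ethernet1/2 (MAC-based access control) and Ethernet1/3 (VLAN 20 not created), and nothing for Ethernet1/1.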










