R0106-HP MSR Router Series Security Configuration Guide(V7)
90
Configuring an 802.1X Auth-Fail VLAN
Configuration guidelines
When you configure an 802.1X Auth-Fail VLAN, follow these restrictions and guidelines:
• Configure the VLAN on an 802.1X-enabled port that performs port-based access control.
• Assign different IDs to the port VLAN and the 802.1X Auth-Fail VLAN on the port, so the port can
correctly process VLAN-tagged incoming traffic.
• You can configure only one 802.1X Auth-Fail VLAN on the port. The 802.1X Auth-Fail VLANs on
different ports can be different.
Configuration prerequisites
Before you configure an 802.1X Auth-Fail VLAN, complete the following tasks:
• Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.
• Enable 802.1X multicast trigger on the port.
Configuration procedure
To configure an 802.1X Auth-Fail VLAN:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
3. Configure the 802.1X Auth-Fail
VLAN on the port.
dot1x auth-fail vlan authfail-vlan-id
By default, no 802.1X Auth-Fail
VLAN is configured.
Configuring an 802.1X critical VLAN
Configuration guidelines
When you configure an 802.1X critical VLAN, follow these restrictions and guidelines:
• Configure the VLAN on an 802.1X-enabled port that performs port-based access control.
• Assign different IDs for the PVID and the 802.1X critical VLAN on the port, so the port can correctly
process VLAN-tagged incoming traffic.
• You can configure only one 802.1X critical VLAN on the port. The 802.1X critical VLANs on
different ports can be different.
Configuration prerequisites
Before you configure an 802.1X critical VLAN, complete the following tasks:
• Create the VLAN to be specified as a critical VLAN.