Configuring an auth-fail vlan – H3C Technologies H3C S7500E Series Switches User Manual

5-24

Configuring an Auth-Fail VLAN

z

The Auth-Fail VLAN function and the free IP function in EAD fast deployment are mutually

exclusive on a port.

z

If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and

Auth-Fail VLAN functions are configured on the access port, you are recommended to

configure different VLAN IDs for the voice VLAN, default VLAN of the port, and 802.1X

Auth-Fail VLAN. This is to ensure the normal use of the functions.

z

A super VLAN cannot be set as the Auth-Fail VLAN. Similarly, an Auth-Fail VLAN cannot

be set as the super VLAN. For information about super VLAN, see VLAN Configuration in

the Layer 2 – LAN Switching Configuration Guide.

Before configuring an Auth-Fail VLAN, make sure that:

z

The VLAN to be specified as the Auth-Fail VLAN has been created

z

The port access control method is portbased, and the 802.1X multicast trigger function is

enabled if you want to configure a port-based Auth-Fail VLAN.

z

The port access control method is macbased and the MAC VLAN function is enabled on

the port if you want to configure a MAC-based Auth-Fail VLAN. For how to configure the

MAC VLAN function, see VLAN Configuration in the Layer 2 – LAN Switching Configuration

Guide.

Follow these steps to configure an Auth-Fail VLAN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet interface view

interface interface-type

interface-number

—

Configure the Auth-Fail VLAN

for the port

dot1x auth-fail vlan

authfail-vlan-id

Required

By default, a port is configured

with no Auth-Fail VLAN.