Configuring an auth-fail vlan, Configuration guidelines, Configuration prerequisites – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 137: Configuration procedure

123

Step Command

Remarks

Configure an 802.1X guest VLAN
for one or more ports.

•

In system view:
dot1x guest-vlan guest-vlan-id

[ interface interface-list ]

•

In Ethernet interface view:

interface interface-type

interface-number

dot1x guest-vlan

guest-vlan-id

Use either approach.
By default, no 802.1X guest
VLAN is configured on any

port.

Configuring an Auth-Fail VLAN

Configuration guidelines

Follow these guidelines when you configure an Auth-Fail VLAN:

•

Auth-Fail VLAN is supported only on ports that performs MAC-based access control.

•

You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on

different ports can be different.

•

Assign different IDs for the default VLAN, and the 802.1X Auth-Fail VLAN on a port, so the port can
correctly process VLAN tagged incoming traffic.

•

Use

Table 7

when configuring multiple security features on a port.

Table 7 Relationships of the 802.1X Auth-Fail VLAN with other features

Feature Relationship description

Reference

MAC authentication guest VLAN
on a port that performs

MAC-based access control

The 802.1X Auth-Fail VLAN has a high
priority.

See "Configuring MAC
authentication."

Port intrusion protection on a port
that performs MAC-based access

control

The 802.1X Auth-Fail VLAN function has
higher priority than the block MAC action
but lower priority than the shut down port

action of the port intrusion protection

feature.

See "Configuring port
security."

Configuration prerequisites

•

Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.

•

On the 802.1X-enabled port that performs MAC-based access control, configure the port as a
hybrid port, enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an

untagged member. For more information about the MAC-based VLAN function, see Layer 2

Configuration Guide.

Configuration procedure

To configure an Auth-Fail VLAN:

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000