| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet interface view | interface interface-type interface-number | — |
| Configure the Auth-Fail VLAN for the port | dot1x auth-fail vlan authfail-vlan-id | Required. By default, a port is configured with no Auth-Fail VLAN. |
- Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with only one Auth-Fail VLAN.
- If you configure both an MAFV for 802.1X authentication and an MGV for MAC authentication on a port, a newly generated MAFV entry for a user overwrites the MGV entry for that user, if any, while a newly generated MGV entry for a user does not overwrite the MAFV entry, if any.
- The generated MAFV entry for a MAC address overwrites the existing blocked-MAC entry of that MAC address on the port. However, if the port is disabled by the intrusion protection function, the MAFV cannot take effect. For a description of the intrusion protection function of disabling a port, refer to Port Security Configuration in the Security Volume.
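The following audit script is an added example, not part of the manual. It reads a planned configuration, lists the Auth-Fail VLAN set with dot1x auth-fail vlan on each port, and flags ports that carry more than one Auth-Fail VLAN or one outside an approved list of restricted VLANs. The configuration layout, the sample text, the approved-VLAN set and the function names are assumptions made for illustration.

```python
import re

# Constructed sample; assumed layout: interface header, indented commands, "#" separators.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 dot1x auth-fail vlan 100
#
interface GigabitEthernet1/0/2
 dot1x auth-fail vlan 100
 dot1x auth-fail vlan 200
#
interface GigabitEthernet1/0/3
 dot1x auth-fail vlan 10
#
interface GigabitEthernet1/0/4
 description uplink
"""

IFACE_RE = re.compile(r"^interface\s+(.+?)\s*$")
AUTHFAIL_RE = re.compile(r"^\s+dot1x auth-fail vlan\s+(\d+)\s*$")

def auth_fail_vlans(config_text):
    """Map each interface to the Auth-Fail VLAN IDs configured under it."""
    ports, current = {}, None
    for line in config_text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            ports[current] = []
        elif line[:1] and not line[:1].isspace():
            current = None  # "#" or another top-level command ends the section
        elif current is not None and (hit := AUTHFAIL_RE.match(line)):
            ports[current].append(int(hit.group(1)))
    return ports

def audit(config_text, approved_vlans):
    """Return (port, problem) pairs for ports that break the Auth-Fail VLAN policy."""
    findings = []
    for port, vlans in auth_fail_vlans(config_text).items():
        if len(vlans) > 1:
            findings.append((port, f"more than one Auth-Fail VLAN: {vlans}"))
        for vlan in vlans:
            if vlan not in approved_vlans:
                findings.append((port, f"Auth-Fail VLAN {vlan} is not approved"))
    return findings

if __name__ == "__main__":
    for port, problem in audit(SAMPLE_CONFIG, approved_vlans={100}):
        print(f"{port}: {problem}")
```

A port with no dot1x auth-fail vlan line, such as GigabitEthernet1/0/4 in the sample, is reported with an empty list and no finding, which matches the default of no Auth-Fail VLAN.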
Displaying and Maintaining 802.1X
| To do… | Use the command… | Remarks |
|---|---|---|
| Display 802.1X session information, statistics, or configuration information of specified or all ports | display dot1x [ sessions \| statistics ] [ interface interface-list ] | Available in any view |
| Clear 802.1X statistics | reset dot1x statistics [ interface interface-list ] | Available in user view |
802.1X Configuration Example
Network requirements
- The access control method of macbased is required on the port GigabitEthernet 1/0/1 to control clients.
- All clients belong to the default domain aabbcc.net, which can accommodate up to 30 users. RADIUS authentication is performed first, and local authentication is used when no response is received from the RADIUS server. If RADIUS accounting fails, the device logs the users off.
- A server group with two RADIUS servers is connected to the device. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary authentication/secondary accounting server, and the latter as the secondary authentication/primary accounting server.