15
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
By default, the device sends EAP-Failure packets to 802.1X clients when the client users are
assigned to the 802.1X critical VLAN. Some 802.1X clients, such as Windows built-in 802.1X clients,
cannot respond to the EAP-Request/Identity packets from the device for reauthentication if they
have received an EAP-Failure packet. As a result, reauthentication for these clients will fail after the
authentication server becomes reachable.
To avoid this situation, enable the device to send EAP-Success packets instead of EAP-Failure
packets to 802.1X clients when the client users are assigned to the 802.1X critical VLAN.
Examples
# Send an EAP-Success packet to a client when the 802.1X client user is assigned to the 802.1X
critical VLAN on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x critical eapol
Related commands
dot1x critical vlan
dot1x critical vlan
Use
dot1x critical vlan
to configure an 802.1X critical VLAN on a port.
Use
undo dot1x critical vlan
to restore the default.
Syntax
dot1x critical
vlan
critical-vlan-id
undo dot1x critical vlan
Default
No 802.1X critical VLAN exists on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
critical-vlan-id
: Specifies the ID of the 802.1X critical VLAN on the port. The value range for
the VLAN ID is 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
An 802.1X critical VLAN accommodates users that fail 802.1X authentication because all the
RADIUS servers in their ISP domains are unreachable. Users in the critical VLAN can access a
limited set of network resources depending on the configuration.
To delete a VLAN that has been configured as an 802.1X critical VLAN, you must first use the
undo
dot1x critical vlan
command.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...