86
Configuring a port to send EAPOL frames untagged
EAPOL frames exchanged between the 802.1X client and the network access device must not contain
VLAN tags. If any 802.1X user attached to a port is assigned a tagged VLAN, you must enable the port
to send EAPOL frames untagged to 802.1X clients.
To configure a port to send EAPOL packets untagged to 802.1X clients:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3.
Configure the port to send
802.1X EAPOL frames
untagged.
dot1x eapol untag
By default, whether the port sends
EAPOL packets with a VLAN tag
depends on the VLAN settings on
the port.
Setting the maximum number of 802.1X
authentication attempts for MAC authentication
users
If both MAC authentication and 802.1X authentication are enabled on a port, the device allows an
authenticated MAC authentication user to initiate an 802.1X authentication. If the user passes 802.1X
authentication, the user goes online as an 802.1X user. If the user fails 802.1X authentication, the user
can retry authentication until the maximum number of authentication attempts is reached.
To set the maximum number of 802.1X authentication attempts for MAC authentication users:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet interface
view.
interface
interface-type
interface-number
N/A
3.
Set the maximum number of
802.1X authentication attempts
for MAC authentication users.
dot1x attempts max-fail
unsuccessful-attempts
By default, an authenticated MAC
authentication user can retry
802.1X authentication until the
maximum number of authentication
attempts configured on the 802.1X
client is reached.
Configuring a VLAN group
Step Command
Remarks
1.
Enter system view.
system-view
N/A