170
successful-login
: Specifies logs generated for successful logins of 802.1X users.
Usage guidelines
As a best practice, disable this feature to prevent excessive output of logs for 802.1X users.
If you do not specify any parameters, this command enables all logging functions for 802.1X users.
Examples
# Enable logging for login failures of 802.1X users.
<Sysname> system-view
[Sysname] dot1x access-user log enable failed-login
Related commands
info-center source dot1x logfile deny
(
Network Management and Monitoring Command
Reference
)
dot1x after-mac-auth max-attempt
Use
dot1x after-mac-auth max-attempt
to set the maximum number of 802.1X authentication
attempts for MAC authenticated users on a port.
Use
undo dot1x after-mac-auth max-attempt
to restore the default.
Syntax
dot1x after-mac-auth max-attempt max-attempts
undo dot1x after-mac-auth max-attempt
Default
The number of 802.1X authentication attempts for MAC authenticated users is not limited on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
max-attempts
: Specifies a number in the range of 1 to 50.
Usage guidelines
The device denies 802.1X authentication requests of a MAC authenticated user after the maximum
number of 802.1X authentication attempts has been made.
The device will recount the number of 802.1X authentication attempts made by a MAC authenticated
user if a user logoff or device reboot event occurs.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to allow a maximum of 10 802.1X authentication attempts
made by a MAC authenticated user.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x after-mac-auth max-attempt 10