172
If this mode is used, the
user-name-format
command configured in RADIUS scheme view
does not take effect. For more information about the
user-name-format
command, see
"RADIUS commands."
If RADIUS authentication is used, you must configure the access device to use the same
authentication method (PAP, CHAP, or EAP) as the RADIUS server.
Examples
# Enable the access device to terminate EAP packets and perform PAP authentication with the
RADIUS server.
<Sysname> system-view
[Sysname] dot1x authentication-method pap
Related commands
display dot1x
dot1x auth-fail vlan
Use
dot1x auth-fail vlan
to configure an 802.1X Auth-Fail VLAN on a port.
Use
undo dot1x auth-fail vlan
to restore the default.
Syntax
dot1x auth-fail vlan authfail-vlan-id
undo dot1x auth-fail vlan
Default
No 802.1X Auth-Fail VLAN exists on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
authfail-vlan-id
: Specifies the ID of the 802.1X Auth-Fail VLAN on the port. The value range for the
VLAN ID is 1 to 4094. Make sure the VLAN has been created.
Usage guidelines
An 802.1X Auth-Fail VLAN accommodates users that have failed 802.1X authentication for any
reason other than unreachable servers. Users in the Auth-Fail VLAN can access a limited set of
network resources.
You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN on a port. For
more information about super VLANs, see
Layer 2—LAN Switching Configuration Guide
.
On a port, the 802.1X Auth-Fail VLAN configuration is mutually exclusive with the 802.1X guest VSI,
802.1X Auth-Fail VSI, and 802.1X critical VSI settings.
To delete a VLAN that has been configured as an 802.1X Auth-Fail VLAN, you must first use the
undo dot1x auth-fail vlan
command.
Examples
# Configure VLAN 100 as the Auth-Fail VLAN on Ten-GigabitEthernet 1/0/1.