176
Predefined user roles
network-admin
mdc-admin
Parameters
critical-vsi-name
: Specifies the name of the 802.1X critical VSI on the port, a case-sensitive string of
1 to 31 characters.
Usage guidelines
An 802.1X critical VSI accommodates users that have failed 802.1X authentication because all the
RADIUS servers in their ISP domains are unreachable. Users in the 802.1X critical VSI can access a
limited set of network resources in the VXLAN associated with this VSI.
You can configure only one 802.1X critical VSI on a port. The 802.1X critical VSIs on different ports
can be different.
On a port, the 802.1X critical VSI configuration is mutually exclusive with the 802.1X guest VLAN,
802.1X Auth-Fail VLAN, and 802.1X critical VLAN settings.
Examples
# Specify VSI
vsiuser
as the 802.1X critical VSI on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x critical vsi vsiuser
Related commands
display dot1x
dot1x critical-voice-vlan
Use
dot1x critical-voice-vlan
to enable the 802.1X critical voice VLAN on a port.
Use
undo dot1x critical-voice-vlan
to restore the default.
Syntax
dot1x critical-voice-vlan
undo dot1x critical-voice-vlan
Default
The 802.1X critical voice VLAN is disabled on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The 802.1X critical voice VLAN on a port accommodates 802.1X voice users that have failed
authentication because none of the RADIUS servers in their ISP domain are reachable.
Before you enable the 802.1X critical voice VLAN on the port, make sure the following requirements
are met: