Configuration prerequisites – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 546
525
•
Assign different IDs to the default VLAN and 802.1X Auth-Fail VLAN on a port, so the port can
correctly process VLAN tagged incoming traffic.
•
when you configure multiple security features on a port.
Table 170 Relationships of the 802.1X Auth-Fail VLAN with other features
Feature Relationship description
MAC authentication guest VLAN on a port that
performs MAC-based access control
The 802.1X Auth-Fail VLAN has a high priority.
Port intrusion protection on a port that
performs MAC-based access control
The 802.1X Auth-Fail VLAN function has higher priority
than the block MAC action, but lower priority than the
shutdown port action of the port intrusion protection
feature.
Configuration prerequisites
•
Create the VLAN to be specified as the 802.1X Auth-Fail VLAN.
•
If the 802.1X-enabled port performs port-based access control, enable 802.1X multicast trigger.
(802.1X multicast trigger is enabled by default.)
•
If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid port,
enable MAC-based VLAN on the port, and assign the port to the Auth-Fail VLAN as an untagged
member.