Инструкции По Установке для 3com S7906E

 

1-21 

Follow these steps to configure an Auth-Fail VLAN: 

Enter system view 

— 

Enter Ethernet interface view 

interface interface-type 
interface-number 

— 

Configure the Auth-Fail VLAN 
for the port 

dot1x auth-fail vlan 
authfail-vlan-id 

Required 

By default, a port is configured 
with no Auth-Fail VLAN. 

 

z 

Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with 

only one Auth-Fail VLAN. 

z 

The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC entry of the 

MAC address on the port. But if the port is disabled by the intrusion protection function, the MAFV 

cannot take effect. For description on the intrusion protection function of disabling a port, refer to 

Port Security Configuration in the Security Volume. 

 

Display 802.1X session 
information, statistics, or 
configuration information of 
specified or all ports 

display dot1x [ sessions | 
statistics ] [ interface 
interface-list ] 

Available in any view 

Clear 802.1X statistics 

reset dot1x statistics 
[ interface interface-list ] 

Available in user view 

 

z 

It is required to use the access control method of macbased on the port GigabitEthernet 2/0/1 to 

control clients. 

z 

All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUS 

authentication is performed at first, and then local authentication when no response from the 

RADIUS server is received. If the RADIUS accounting fails, the device gets users offline. 

z 

A server group with two RADIUS servers is connected to the device. The IP addresses of the 

servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary 

authentication/secondary accounting server, and the latter as the secondary 

authentication/primary accounting server.