No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Critical VLAN Function

(Optional) Configuring the Critical VLAN Function

Context

During 802.1X authentication, when the access device is disconnected from the authentication server or the authentication server fails, the authentication process in the network is interrupted. In this case, the user fails authentication. Meanwhile, the user cannot be added to and access resources in the guest and restrict VLANs. After the critical VLAN function is configured, when the access device is disconnected from the authentication server or the authentication server fails, the 802.1X authentication users are added to the critical VLAN, and can then access resources in the critical VLAN.
NOTE:

If a free-ip function is configured, the critical VLAN in 802.1X authentication expires immediately.

The critical VLAN function can take effect only on hybrid or access interfaces that are added to VLANs in untagged mode. The critical VLAN function cannot take effect on the interfaces of other types.

You can configure the critical VLAN function of 802.1X authentication in the system or interface view.

Procedure

  • In the system view:
    1. Run system-view

      The system view is displayed.

    2. Run authentication critical-vlan vlan-id interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The critical VLAN to which the interface is added is configured.

      By default, an interface is not added to the critical VLAN.

    3. Run authentication critical eapol-success interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The function of replying an EAPoL-Success packet to the user after the user is added to the critical VLAN is configured.

      By default, an EAPoL-Fail packet is sent to a user after the user is added to the critical VLAN.

    4. Run authentication max-reauth-req times interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The maximum number of re-authentication attempts for users in the critical VLAN is set.

      By default, the maximum number of re-authentication attempts for users in the critical VLAN is 20.

  • In the interface view:
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The interface view is displayed.

    3. Run authentication critical-vlan vlan-id

      The critical VLAN to which the interface is added is configured.

      By default, an interface is not added to the critical VLAN.

    4. Run authentication critical eapol-success

      The function of replying an EAPoL-Success packet to the user after the user is added to the critical VLAN is configured.

      By default, an EAPoL-Fail packet is sent to a user after the user is added to the critical VLAN.

    5. Run authentication max-reauth-req times

      The maximum number of re-authentication attempts for users in the critical VLAN is set.

      By default, the maximum number of re-authentication attempts for users in the critical VLAN is 20.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 20327

Downloads: 6

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next