DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-44
DES-7200(config)# interface fa 0/1
DES-7200(config-if)# dot1x auth-fail vlan 2
Caution
If the configured vlan is inexistent, the vlan will be created
dynamically when the port enters the auth-fail vlan, and will be
auto-removed when the port exits from the auth-fail vlan.
If the port is down, it will exit from the auth-fail vlan automatically.
It allows setting the auth-fail vlan and the guest vlan in the same
VLAN.
In the port mode and in the auth-fail vlan, it only allows the
last-auth-fail user for the re-auth, and the auth-requests of other
users are dropped. This restriction is not applicable for the MAC
mode.
The auth-fail vlan does not support private vlan. That is, the private
vlan cannot be set as the dot1x auth-fail vlan.
4.2.36 Configuring Dot1x
Auth-Fail Max-Attempt
To configure the auth-fail max-attempt times, run the following commands:
Command Function
configure terminal
Enter the global configuration mode.
dot1x auth-fail max-attemp<value>
Set the auth-fail max-attempt times, the default
value is 3 and the valid range is 1-3.
end
Return to the privileged mode.
Write
Save the configurations.
show running-config
Show all configurations.
Following example shows how to configure the auth-fail max-attempt value.
DES-7200# configure terminal
DES-7200(config)# dot1x auth-fail max-attempt 2
4.2.37 Configuring Inaccessible
Authentication Bypass
When all RADIUS servers configured on the switch are inaccessible, the user's authentication
request won't receive any reply, and the administrator won't be able to verify user's identity.
From the perspective of user, if no other authentication method is configured on the switch, it
won't be able to access the network. To ensure that the new authenticated user can access
network, Inaccessible Authentication Bypass (IAB) can be configured on the port.
Execute the following steps to enable IAB: