The dot1x vlan-tagged command enables the device to replace VLAN IDs carried in user packets with a specified VLAN ID.
The undo dot1x vlan-tagged command restores the default configuration.
By default, the device is disabled from replacing VLAN IDs carried in user packets with a specified VLAN ID.
| Parameter | Description | Value |
|---|---|---|
| access-vlan access-vlan |
Specifies a VLAN ID with which the device replaces VLAN IDs carried in the packets of users who pass the authentication. |
The value is an integer ranging from 1 to 4094. |
| guest-vlan guest-vlan |
Specifies a VLAN ID with which the device replaces VLAN IDs carried in the packets of users who fail the authentication. |
The value is an integer ranging from 1 to 4094. |
| untagged |
Dot1x vlan untagged. |
- |
Usage Scenario
To separately manage the traffic of users who pass the authentication and who fail the authentication, run the dot1x vlan-tagged command to enable the device to replace VLAN IDs carried in user packets with a specified VLAN ID for traffic isolation.
Prerequisites
MAC bypass authentication has been enabled using the dot1x mac-bypass command.
Precautions
In VS mode, this command is supported only by the admin VS.
<HUAWEI> system-view [~HUAWEI] vlan 100 [~HUAWEI] interface GigabitEthernet 0/1/1 [*HUAWEI-GigabitEthernet0/1/1] portswitch [*HUAWEI-GigabitEthernet0/1/1] commit [*HUAWEI-GigabitEthernet0/1/1] port trunk allow-pass vlan 100 [~HUAWEI-GigabitEthernet0/1/1] dot1x enable [*HUAWEI-GigabitEthernet0/1/1] dot1x mac-bypass delay 50 [*HUAWEI-GigabitEthernet0/1/1] dot1x vlan-tagged access-vlan 100