1-21Configuration procedureFollow these steps to configure an Auth-Fail VLAN:To do… Use the command… RemarksEnter system view system-view —Enter Ethernet interface view interface interface-typeinterface-number —Configure the Auth-Fail VLANfor the portdot1x auth-fail vlanauthfail-vlan-idRequiredBy default, a port is configuredwith no Auth-Fail VLAN.z Different ports can be configured with different Auth-Fail VLANs, but a port can be configured withonly one Auth-Fail VLAN.z The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC entry of theMAC address on the port. But if the port is disabled by the intrusion protection function, the MAFVcannot take effect. For description on the intrusion protection function of disabling a port, refer toPort Security Configuration in the Security Volume.Displaying and Maintaining 802.1XTo do… Use the command… RemarksDisplay 802.1X sessioninformation, statistics, orconfiguration information ofspecified or all portsdisplay dot1x [ sessions |statistics ] [ interfaceinterface-list ]Available in any viewClear 802.1X statistics reset dot1x statistics[ interface interface-list ] Available in user view802.1X Configuration ExampleNetwork requirementsz It is required to use the access control method of macbased on the port GigabitEthernet 2/0/1 tocontrol clients.z All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUSauthentication is performed at first, and then local authentication when no response from theRADIUS server is received. If the RADIUS accounting fails, the device gets users offline.z A server group with two RADIUS servers is connected to the device. The IP addresses of theservers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primaryauthentication/secondary accounting server, and the latter as the secondaryauthentication/primary accounting server.