1-18To do… Use the command… RemarksEnter system view system-view —Enter Ethernet interface view interface interface-typeinterface-number —Configure the Auth-Fail VLANfor the portdot1x auth-fail vlanauthfail-vlan-idRequiredBy default, a port is configuredwith no Auth-Fail VLAN.z Different ports can be configured with different Auth-Fail VLANs, but a port can be configured withonly one Auth-Fail VLAN.z If you configure both an MAFV for 802.1X authentication and an MGV for MAC authentication on aport, the newly generated MAFV entry for a user will overwrite the MGV entry for the user, if any;while the newly generated MGV entry for a user will not overwrite the MAFV entry, if any.z The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC entry of theMAC address on the port. But if the port is disabled by the intrusion protection function, the MAFVcannot take effect. For description on the intrusion protection function of disabling a port, refer toPort Security Configuration in the Security Volume.Displaying and Maintaining 802.1XTo do… Use the command… RemarksDisplay 802.1X sessioninformation, statistics, orconfiguration information ofspecified or all portsdisplay dot1x [ sessions |statistics ] [ interfaceinterface-list ]Available in any viewClear 802.1X statistics reset dot1x statistics[ interface interface-list ] Available in user view802.1X Configuration ExampleNetwork requirementsz The access control method of macbased is required on the port GigabitEthernet 1/0/1 to controlclients.z All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUSauthentication is performed at first, and then local authentication when no response from theRADIUS server is received. If the RADIUS accounting fails, the device gets users offline.z A server group with two RADIUS servers is connected to the device. The IP addresses of theservers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primaryauthentication/secondary accounting server, and the latter as the secondaryauthentication/primary accounting server.