82Configuration procedureFollow these steps to configure an Auth-Fail VLAN:To do… Use the command… Remarks1. Enter system view system-view —2. Enter Ethernet interface view interface interface-type interface-number —3. Configure the Auth-Fail VLANfor the portdot1x auth-fail vlan authfail-vlan-idRequiredBy default, a port is configuredwith no Auth-Fail VLAN.Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with only oneAuth-Fail VLAN.Displaying and maintaining 802.1XTo do… Use the command… Remarks1. Display 802.1X sessioninformation, statistics, orconfiguration information ofspecified or all portsdisplay dot1x [ sessions |statistics ] [ interface interface-list ]Available in any view2. Clear 802.1X statistics reset dot1x statistics [interface interface-list ] Available in user view802.1X configuration exampleBy default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in the state of DOWN. Toconfigure such an interface, use the undo shutdown command to bring it up first.Network requirements• It is required to use the access control method of macbased on the port GigabitEthernet3/0/1 to control clients.• All clients belong to default domain aabbcc.net, which can accommodate up to 30 users.RADIUS authentication is performed at first, and then local authentication when no responsefrom the RADIUS server is received. If the RADIUS accounting fails, the switch logs users off.• A server group with two RADIUS servers is connected to the switch. The IP addresses of theservers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primaryauthentication/accounting server, and the latter as the secondary authentication/accountingserver.• Set the shared key for the switch to exchange packets with the authentication server as name,and that for the switch to exchange packets with the accounting server as money.