Configuration restrictions and guidelines

When you configure an 802.1X Auth-Fail VLAN, follow these restrictions and guidelines:

Assign different IDs to the voice VLAN, the port VLAN, and the 802.1X Auth-Fail VLAN on a port. The assignment makes sure the port can correctly process VLAN-tagged incoming traffic.
You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on different ports can be different.

When you configure multiple security features on a port, follow the guidelines in Table 9.

Table 9: Relationships of the 802.1X Auth-Fail VLAN with other features

Feature	Relationship description	Reference
Super VLAN	You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN.	See Layer 2—LAN Switching Configuration Guide.
MAC authentication guest VLAN on a port that performs MAC-based access control	The 802.1X Auth-Fail VLAN has a high priority.	See "Configuring MAC authentication."
Port intrusion protection actions on a port that performs MAC-based access control	The 802.1X Auth-Fail VLAN feature has higher priority than the block MAC action. The 802.1X Auth-Fail VLAN feature has lower priority than the shutdown port action of the port intrusion protection feature.	See "Configuring port security."

Feature

Relationship description

Reference

Super VLAN

You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN.

See Layer 2—LAN Switching Configuration Guide.

MAC authentication guest VLAN on a port that performs MAC-based access control

The 802.1X Auth-Fail VLAN has a high priority.

Port intrusion protection actions on a port that performs MAC-based access control

The 802.1X Auth-Fail VLAN feature has higher priority than the block MAC action.

The 802.1X Auth-Fail VLAN feature has lower priority than the shutdown port action of the port intrusion protection feature.

prev	up	next
Configuring an 802.1X Auth-Fail VLAN	home	Configuration prerequisites