Configuration restrictions and guidelines
When you configure an 802.1X Auth-Fail VLAN, follow these restrictions and guidelines:
Assign different IDs to the voice VLAN, the port VLAN, and the 802.1X Auth-Fail VLAN on a port. The assignment makes sure the port can correctly process VLAN-tagged incoming traffic.
You can configure only one 802.1X Auth-Fail VLAN on a port. The 802.1X Auth-Fail VLANs on different ports can be different.
When you configure multiple security features on a port, follow the guidelines in Table 9.
Table 9: Relationships of the 802.1X Auth-Fail VLAN with other features
Feature
Relationship description
Reference
Super VLAN
You cannot specify a VLAN as both a super VLAN and an 802.1X Auth-Fail VLAN.
See Layer 2—LAN Switching Configuration Guide.
MAC authentication guest VLAN on a port that performs MAC-based access control
The 802.1X Auth-Fail VLAN has a high priority.
Port intrusion protection actions on a port that performs MAC-based access control
The 802.1X Auth-Fail VLAN feature has higher priority than the block MAC action.
The 802.1X Auth-Fail VLAN feature has lower priority than the shutdown port action of the port intrusion protection feature.
See "Configuring port security."