dot1x critical recovery-action
Syntax
dot1x critical recovery-action reinitialize
undo dot1x critical recovery-action
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
reinitialize: Enables the port to trigger 802.1X re-authentication on detection of a reachable RADIUS authentication server for users in the critical VLAN.
Description
Use dot1x critical recovery-action to configure the action that a port takes when an active (reachable) RADIUS authentication server is detected for users in the critical VLAN.
Use undo dot1x critical recovery-action to restore the default.
By default, when a reachable RADIUS server is detected, the system removes the port or 802.1X users from the critical VLAN without triggering authentication.
The dot1x critical recovery-action command takes effect only for the 802.1X users in the critical VLAN on a port. It enables the port to take one of the following actions to trigger 802.1X authentication after removing 802.1X users from the critical VLAN on detection of a reachable RADIUS authentication server:
If MAC-based access control is used, the port sends a unicast Identity EAP/Request to each 802.1X user.
If port-based access control is used, the port sends a multicast Identity EAP/Request to all the 802.1X users attached to the port.
For prompt detection of active RADIUS authentication servers, use RADIUS server probing function (see "AAA configuration commands").
Examples
# Configure port Ethernet 1/0/1 to trigger 802.1X re-authentication on detection of an active RADIUS authentication server for users in the critical VLAN.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] dot1x critical recovery-action reinitialize