Do you mean to allow Tagged VLAN for unsupported (not unauthorized) devices that present on that IEEE 802.1X enabled port?
From what you wrote it seems that unauthorized devices will be yet manged into VLAN 100 and you want that unsupported devices (not 802.1X capable clients) will be instead managed into VLAN 40.
Is that right? if so, the thread title is a little bit confusing.
Apparently it looks similar to Cisco 802.1X with Guest VLANs...
I'm not an HPE Employee
Don't know in ProVision based Switches...but in Comware 7 based Switches (and also in Comware 5) there should be a command (the dot1x guest-vlan) that could be what you're looking for:
dot1x guest-vlan Use dot1x guest-vlan to configure an 802.1X guest VLAN for the specified or all ports. A guest VLAN on a port accommodates users who have not performed 802.1X authentication. In the guest VLAN, users can access a limited set of network resources, such as a software server, to download anti-virus software and system patches. Use undo dot1x guest-vlan to remove the 802.1X guest VLAN on the specified or all ports. Syntax In system view: dot1x guest-vlan guest-vlan-id [ interface interface-list ] undo dot1x guest-vlan [ interface interface-list ] In Layer 2 Ethernet interface view: dot1x guest-vlan guest-vlan-id undo dot1x guest-vlan Default No 802.1X guest VLAN is configured on a port. Views System view, Layer 2 Ethernet interface view Default command level 2: System level Parameters guest-vlan-id: Specifies the ID of the VLAN to be specified as the 802.1X guest VLAN,
in the range of 1 to 4094. Make sure that the VLAN has been created and is not a super VLAN.
For more information about super VLANs, see "Layer 2тАФLAN Switching Configuration Guide".
interface interface-list: Specifies a port list.
The interface-list argument is in the format of
interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>,
where interface-type represents the port type, interface-number represents the port number,
and & <1-10> means that you can provide up to 10 ports or port ranges.
The start port number must be smaller than the end number and the two ports must be
of the same type.
If no interface is specified, you configure an 802.1X guest VLAN for all Layer 2 Ethernet ports.
Usage guidelines You must enable 802.1X for an 802.1X guest VLAN to take effect. To have the 802.1X guest VLAN take effect, complete the following tasks:
* Enable 802.1X both globally and on the interface.
* If the port performs port-based access control, enable the 802.1X multicast trigger function.
* If the port performs MAC-based access control, configure the MAC-based VLAN function on the port. When you change the access control method from MAC-based to port-based on a port that carries a guest VLAN, the mappings between MAC addresses and the 802.1X guest VLAN are removed. You can use the display mac-vlan command to display MAC-to-VLAN mappings. When you change the access control method from port-based to MAC-based on a port that is in a guest VLAN, the port is removed from the guest VLAN. To delete a VLAN that has been configured as a guest VLAN, you must first remove the guest VLAN configuration. You can configure both an Auth-Fail VLAN and an 802.1X guest VLAN on a port. Examples # Specify VLAN 999 as the 802.1X guest VLAN for port GigabitEthernet 1/0/1 <Sysname> system-view [Sysname] dot1x guest-vlan 999 interface gigabitethernet 1/0/1
# Specify VLAN 10 as the 802.1X guest VLAN for ports GigabitEthernet 1/0/2 to GigabitEthernet 1/0/5. <Sysname> system-view [Sysname] dot1x guest-vlan 10 interface gigabitethernet 1/0/2 to gigabitethernet 1/0/5
# Specify VLAN 7 as the 802.1X guest VLAN for all ports. <Sysname> system-view [Sysname] dot1x guest-vlan 7
# Specify VLAN 3 as the 802.1X guest VLAN for port GigabitEthernet 1/0/7. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/7 [Sysname-GigabitEthernet1/0/7] dot1x guest-vlan 3
and that is similar to the Cisco authentication event no-response action authorize vlan vlan-id (look for section "Configuring 802.1X with Guest VLANs" on the "Configuring 802.1X Port-Based Authentication" Chapter of a recent Cisco IOS Software Configuration Guide).
In Cisco, using the IEEE 802.1X for Guest VLANs, seems more near to what you are looking for since it's used "to enable non-802.1X-capable hosts to access networks that use 802.1X authentication."
I'm not an HPE Employee
Mumble...ProVision based Switches, considering the Port Based 802.1X authentication, should provide the command aaa port-access authenticator <port-list> [control <authorized|auto|unauthorized>]: the authorized (authentication mode) control option, also termed "Force Authorized", gives access to a device connected to the port and that device does not have to provide 802.1X credentials or support 802.1X authentication (You can still configure console, Telnet, or SSH security on the port.).
I'm not an HPE Employee