Optional) Enabling The S9300 To Send Handshake Packets To Online Users - Huawei Quidway S9300 Configuration Manual

Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Context
When the guest VLAN is enabled, the S9300 sends authentication request packets to all the
interface on which 802.1x is enabled. If an interface does not return a response when the
maximum number of times for re-authentication is reached, the S9300 adds this interface to the
guest VLAN. Then users in the guest VLAN can access resources in the guest VLAN without
802.1x authentication. Authentication, however, is required when such users access external
resources. Thus certain resources are available for users without authentication.
You can configure the guest VLAN in the following ways.
Procedure
l
l
----End
2.4.14 (Optional) Enabling the S9300 to Send Handshake Packets to
Online Users
Context
The S9300 can send handshake packets to a Huawei client to detect whether the user is online.
Issue 06 (2010–01–08)
NOTE
The configured guest VLAN cannot be the default VLAN of the interface.
In the system view:
1. Run:
system-view
The system view is displayed.
2. Run:
dot1x guest-vlan vlan-id interface { interface-type interface-number1
[ to interface-number2 ] } &<1-10>
The guest VLAN is configured on interfaces.
You can configure the guest VLAN on interfaces in batches by specifying the interface
list in the dot1x guest-vlan command in the system view.
In the interface view:
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number
The interface view is displayed.
3. Run:
dot1x guest-vlan vlan-id
The guest VLAN is configured on the interface.
By default, no guest VLAN is configured on an interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 NAC Configuration
2-19