Guest Vlan; Cli Examples - Dell PowerConnect M6220 Configuration Manual

Configuration guide

Hide thumbs Also See for PowerConnect M6220:

User configuration manual (1294 pages)

Getting started manual (182 pages)

Configuration manual (1246 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

page of 126

/ 126
Contents
Table of Contents
Bookmarks

Table of Contents

VLANID is 12-bits and has a value between 1 and 4093.

Guest VLAN

The Guest VLAN feature allows a switch to provide a distinguished service to unauthenticated users.

This feature provides a mechanism to allow visitors and contractors to have network access to reach

external network with no ability to browse information on the internal LAN.

In port-based 802.1X mode, when a client that does not support 802.1X is connected to an unauthorized

port that is 802.1X-enabled, the client does not respond to the 802.1X requests from the switch.

Therefore, the port remains in the unauthorized state, and the client is not granted access to the

network. If a guest VLAN is configured for that port, then the port is placed in the configured guest

VLAN and the port is moved to the authorized state, allowing access to the client. However, if the port is

in MAC-based 802.1X authentication mode, it will not move to the authorized state. MAC-based mode

makes it possible for both authenticated and guest clients to use the same port at the same time.

Client devices that are 802.1X-supplicant-enabled authenticate with the switch when they are plugged

into the 802.1X-enabled switch port. The switch verifies the credentials of the client by communicating

with an authentication server. If the credentials are verified, the authentication server informs the switch

to 'unblock' the switch port and allows the client unrestricted access to the network; i.e., the client is a

member of an internal VLAN.

Beginning with software release 2.1, Guest VLAN Supplicant mode is configured on a per-port basis.

When a port is configured for Guest VLAN in this mode, if a client fails authentication on the port, the

client is assigned to the guest VLAN configured on that port. The port is assigned a Guest VLAN ID and

is moved to the authorized status. Disabling the supplicant mode does not clear the ports that are

already authorized and assigned Guest VLAN IDs.

CLI Examples

The following examples show how to configure the switch to accept RADIUS-assigned VLANs and Guest

VLANs. The examples assume that the RADIUS server and VLAN information has already been

configured on the switch. For information about how to configure VLANs, see "Virtual LANs" on

page 25.

Example #1: Allow the Switch to Accept RADIUS-Assigned VLANs

The RADIUS server can place a port in a particular VLAN based on the result of the authentication. The

command in this example allows the switch to accept VLAN assignment by the RADIUS server.

The feature is available in release 2.1 and later.

console#config

console(config)#aaa authorization network radius

Example #2: Enable Guest VLANs

This example shows how to set the guest VLAN on interface 1/g20 to VLAN 100. This command

automatically enables the Guest VLAN Supplicant Mode on the interface.

Device Security

Table of Contents

Show Quick Links

Quick Links:
System Configuration

Hide quick links:

Table of Contents

Guest Vlan; Cli Examples - Dell PowerConnect M6220 Configuration Manual

Guest VLAN

CLI Examples

Hide quick links:

Related Manuals for Dell PowerConnect M6220

Related Content for Dell PowerConnect M6220

Table of Contents