Port-Security Guest-Vlan - 3Com 5500-EI PWR Reference Manual
Hide thumbs
Also See for 5500-EI PWR:
- Install manual (1072 pages) ,
- Getting started manual (118 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
Examples
# Enable port security.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] port-security enable
Notice: The port-control of 802.1x will be restricted to auto when port-security is enabled.
Please wait... Done.
port-security guest-vlan
Syntax
port-security guest-vlan vlan-id
undo port-security guest-vlan
View
Ethernet port view
Parameters
vlan-id: Specifies a guest VLAN by its VLAN ID in the range of 1 to 4094. The VLAN must already exist.
Description
Use the port-security guest-vlan command to specify an existing VLAN as the guest VLAN of a port.
Use the undo port-security guest-vlan command to remove the guest VLAN configuration.
By default, no guest VLAN is specified for a port.
Note that:
Only an existing VLAN can be specified as a guest VLAN. Make sure the guest VLAN of the port
contain the resources that the users need.
If one user of the port has passed or is undergoing authentication, you cannot specify a guest
VLAN for it.
When a user using a port with a guest VLAN specified fail the authentication, the port is added to
the guest VLAN and users of the port can access only the resources in the guest VLAN.
Multiple users may connect to one port in the macAddressOrUserLoginSecure mode for
authentication; however, after a guest VLAN is specified, a maximum of one user can pass the
security authentication. In this case, the authentication client software of the other 802.1x users
displays messages about the failure; MAC address authentication does not have any client
software and therefore no such messages will be displayed.
To change the security mode from macAddressOrUserLoginSecure mode of a port that is
assigned to a guest VLAN, execute the undo port-security guest-vlan command first to remove
the guest VLAN configuration.
For a port configured with both the port-security guest-vlan and port-security intrusion-mode
disableport commands, when authentication of a user fails, only the intrusion detection feature is
triggered. The port is not added to the specified guest VLAN.
It is not recommended to configure the port-security guest-vlan and port-security
intrusion-mode blockmac commands simultaneously for a port. Because when the
1-8
Advertisement
Chapters
Table of Contents
