Network-Access Dynamic-Vlan; Network-Access Guest-Vlan - Edge-Core ES3510MA Management Manual

Use this command to enable dynamic VLAN assignment for an
network-access
authenticated port. Use the no form to disable dynamic VLAN assignment.
dynamic-vlan
S
YNTAX
D
EFAULT
Enabled
C
OMMAND
Interface Configuration
C
OMMAND
◆
◆
◆
◆
E
XAMPLE
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
Use this command to assign all traffic on a port to a guest VLAN when
network-access
network access (MAC authentication) or 802.1x authentication is rejected.
guest-vlan
Use the no form of this command to disable guest VLAN assignment.
S
YNTAX
D
EFAULT
Disabled
[no] network-access dynamic-vlan
S
ETTING
M
ODE
U
SAGE
When enabled, the VLAN identifiers returned by the RADIUS server will
be applied to the port, providing the VLANs have already been created
on the switch. GVRP is not used to create the VLANs.
The VLAN settings specified by the first authenticated MAC address are
implemented for a port. Other authenticated MAC addresses on the
port must have same VLAN configuration, or they are treated as an
authentication failure.
If dynamic VLAN assignment is enabled on a port and the RADIUS
server returns no VLAN configuration, the authentication is still treated
as a success, and the host assigned to the default untagged VLAN.
When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address
table.
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4093)
S
ETTING
– 645 –
| General Security Measures
C 25
HAPTER
Network Access (MAC Address Authentication)