Dot1X Guest-Vlan - H3C s3100 series Command Manual

Related command: display dot1x.
Example
# Configure to authenticate a supplicant system when it applies for a dynamic IP address through
DHCP.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x dhcp-launch

dot1x guest-vlan

Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan [ interface interface-list ]
View
System view, Ethernet port view
Parameter
vlan-id: VLAN ID of a Guest VLAN, in the range 1 to 4094.
interface-list: Ethernet port list, in the form of interface-list= { interface-type interface-number [ to
interface-type interface-number ] } &<1-10>, in which interface-type specifies the type of an Ethernet
port and interface-number is the number of the port. The string "&<1-10>" means that up to 10 port lists
can be provided.
Description
Use the dot1x guest-vlan command to enable the Guest VLAN function for ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function for ports.
After 802.1x and guest VLAN are properly configured on a port:
If the switch receives no response from the port after sending EAP-Request/Identity packets to the
port for the maximum number of times, the switch will add the port to the guest VLAN.
Users in a guest VLAN can access the guest VLAN resources without 802.1x authentication.
However, they have to pass the 802.1x authentication to access the external resources.
In system view,
If you do not provide the interface-list argument, these two commands apply to all the ports of the
switch.
If you specify the interface-list argument, these two commands apply to the specified ports.
In Ethernet port view, the interface-list argument is not available and these two commands apply to only
the current Ethernet port.
1-7