Configuring An 802.1X Guest Vlan - H3C S5500-SI Series Operation Manual

information about the user-name-format command, refer to AAA Commands in the Security
Volume.
If the username of a client contains the version number or one or more blank spaces, you can
neither retrieve information nor disconnect the client by using the username. However, you can use
items such as IP address and connection index number to do so.
The online user handshake security function is implemented based on the online user handshake
function. To bring the security function into effect, keep the online user handshake function
enabled.
The iNode client software and iMC server are recommended to ensure the normal operation of the
online user handshake security function.
Once enabled with the 802.1X multicast trigger function, a port sends multicast trigger messages to
the client periodically to initiate authentication.
For a user-side device sending untagged traffic, the voice VLAN function and 802.1X are mutually
exclusive and cannot be configured together on the same port. For details about voice VLAN, refer
to VLAN Configuration in the Access Volume.

Configuring an 802.1X Guest VLAN

The guest VLAN function and the free IP function in EAD fast deployment are mutually exclusive on
a port.
If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and guest
VLAN functions are configured on the access port, you are recommended to configure different
VLAN IDs for the voice VLAN, default VLAN of the port, and 802.1X guest VLAN. This is to ensure
the normal use of the functions.
Configuration prerequisites
Create the VLAN to be specified as the guest VLAN.
To configure a port-based guest VLAN, make sure that the port access control method is
portbased, and the 802.1X multicast trigger function is enabled.
To configure a MAC-based guest VLAN, make sure that the port access control method is
macbased and the MAC VLAN function is enabled on the port. For the MAC VLAN configuration,
refer to VLAN Configuration in the Access Volume.
Configuration procedure
Follow these steps to configure a port-based guest VLAN:
To do...
Enter system view
Configure the
guest VLAN
for specified
or all ports
Use the command...
system-view
In system dot1x guest-vlan guest-vlan-id
view [ interface interface-list ]
In Ethernet interface interface-type
interface view interface-number
1-16
Remarks
—
Required
Use either approach.
By default, a port is configured
with no guest VLAN.