Configuring An 802.1X Guest Vlan; Displaying And Maintaining 802.1X - H3C S5120-EI Series Operation Manual

Once enabled with the 802.1X multicast trigger function, a port sends multicast trigger messages to
the client periodically to initiate authentication.
For a user-side device sending untagged traffic, the voice VLAN function and 802.1X are mutually
exclusive and cannot be configured together on the same port. For details about voice VLAN, refer
to VLAN Configuration in the Access Volume.

Configuring an 802.1X Guest VLAN

The guest VLAN function and the free IP function in EAD fast deployment are mutually exclusive on
a port.
If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and guest
VLAN functions are configured on the access port, you are recommended to configure different
VLAN IDs for the voice VLAN, default VLAN of the port, and 802.1X guest VLAN. This is to ensure
the normal use of the functions.
Configuration prerequisites
Create the VLAN to be specified as the guest VLAN.
To configure a port-based guest VLAN, make sure that the port access control method is
portbased, and the 802.1X multicast trigger function is enabled.
Configuration procedure
Follow these steps to configure a port-based guest VLAN:
To do...
Enter system view
Configure the
guest VLAN for
specified or all
ports
Different ports can be configured with different guest VLANs, but a port can be configured with only one
guest VLAN.

Displaying and Maintaining 802.1X

To do...
Display 802.1X session
information, statistics, or
configuration information of
specified or all ports
Use the command...
system-view
dot1x guest-vlan guest-vlan-id
In system view
[ interface interface-list ]
interface interface-type
In Ethernet
interface-number
interface view
dot1x guest-vlan vlan-id
Use the command...
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
1-14
Remarks
—
Required
Use either approach.
By default, a port is configured with
no guest VLAN.
Remarks
Available in any view