Auth Guest-Vlan - Allied Telesis x310-26FT Command Reference Manual

A C
UTHENTICATION OMMANDS
-
AUTH GUEST VLAN

auth guest-vlan

Overview This command enables and configures the Guest VLAN feature on the interface
specified by associating a Guest VLAN with an interface. This command does not
start authentication. The supplicant's (client device's) traffic is associated with the
native VLAN of the interface if its not already associated with another VLAN. The
routing option enables routing from the Guest VLAN to another VLAN, so the
switch can lease DHCP addresses and accept access to a limited network.
The no variant of this command disables the guest VLAN feature on the interface
specified.
auth guest-vlan <1-4094> [routing]
Syntax
no auth guest-vlan [routing]
Default The Guest VLAN authentication feature is disabled by default.
Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, or a
switch port; or Authentication Profile mode.
Usage The Guest VLAN feature may be used by supplicants (client devices) that have not
attempted authentication, or have failed the authentication process. Note that if a
port is in multi-supplicant mode with per-port dynamic VLAN configuration, after
the first successful authentication, subsequent hosts cannot use the guest VLAN
due to the change in VLAN ID. This may be avoided by using per-user dynamic
VLAN assignment.
When using the Guest VLAN feature with the multi-host mode, a number of
supplicants can communicate via a guest VLAN before authentication. A
supplicant's traffic is associated with the native VLAN of the specified switch port.
The supplicant must belong to a VLAN before traffic from the supplicant can be
associated.
Note that you must enable 802.1X on the port and define a VLAN using the
command before you can configure it as a guest VLAN.
Roaming Authentication cannot be enabled if DHCP snooping is enabled
dhcp-snooping
The Guest VLAN feature in previous releases had some limitations that have been
removed. Until this release the Guest VLAN feature could not lease the IP address
to the supplicant using DHCP Server or DHCP Relay features unless
Web-Authentication was also applied. When using NAP authentication, the
supplicant should have been able to log on to a domain controller to gain
certification, but the Guest VLAN would not accept access to another VLAN.
C613-50103-01 REV A
Parameter Description
<1-4094>
VLAN ID (VID).
routing
Enables routing from the Guest VLAN to other VLANs.
command), and vice versa.
Command Reference for x310 Series
AlliedWare Plus™ Operating System - Version 5.4.6-1.x
vlan
(service
1593