Dot1X Handshake - HPE FlexNetwork HSR6800 Security Command Reference
Hide thumbs
Also See for FlexNetwork HSR6800:
- Configuration manual (503 pages) ,
- Command reference manual (153 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Parameters
guest-vlan-id: Specifies the ID of the VLAN to be specified as the 802.1X guest VLAN. The value
range is 1 to 4094. Make sure that the VLAN has been created and is not a super VLAN. For more
information about super VLANs, see Layer 2—LAN Switching Configuration Guide.
interface interface-list: Specifies a port list. The interface-list argument is in the format of
interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>,
where interface-type represents the port type, interface-number represents the port number, and &
<1-10> means that you can provide up to 10 ports or port ranges. The start port number must be
smaller than the end number and the two ports must be of the same type. If no interface is specified,
you configure an 802.1X guest VLAN for all Layer 2 Ethernet ports.
Usage guidelines
You must enable 802.1X for an 802.1X guest VLAN to take effect.
Guest VLAN is supported on ports that perform port-based access control.
To have the 802.1X guest VLAN take effect, complete the following tasks:
•
Enable 802.1X both globally and on the interface.
•
Enable the 802.1X multicast trigger function.
To delete a VLAN that has been configured as a guest VLAN, you must remove the guest VLAN
configuration first.
You can configure both an Auth-Fail VLAN and an 802.1X guest VLAN on a port.
Examples
# Specify VLAN 999 as the 802.1X guest VLAN for port GigabitEthernet 3/0/1
<Sysname> system-view
[Sysname] dot1x guest-vlan 999 interface gigabitethernet 3/0/1
# Specify VLAN 10 as the 802.1X guest VLAN for ports GigabitEthernet 3/0/2 to GigabitEthernet
3/0/5.
<Sysname> system-view
[Sysname] dot1x guest-vlan 10 interface gigabitethernet 3/0/2 to gigabitethernet 3/0/5
# Specify VLAN 7 as the 802.1X guest VLAN for all ports.
<Sysname> system-view
[Sysname] dot1x guest-vlan 7
# Specify VLAN 3 as the 802.1X guest VLAN for port GigabitEthernet 3/0/7.
<Sysname> system-view
[Sysname] interface gigabitethernet 3/0/7
[Sysname-GigabitEthernet3/0/7] dot1x guest-vlan 3
Related commands
•
dot1x
•
dot1x port-method
•
dot1x multicast-trigger
•
mac-vlan enable and display mac-vlan (Layer 2—LAN Switching Command Reference)
dot1x handshake
Use dot1x handshake to enable the online user handshake function. The function enables the
device to periodically send handshake messages to the client to check whether a user is online.
Use undo dot1x handshake to disable the function.
116
Advertisement
Table of Contents
