The Features Of Vlan Allocation - Planet Networking & Communication WGSW-50040 Configuration Manual

authenticated. The user-based advanced control will restrict the access to limited resources, only
some particular users of the port can access limited resources before being authenticated. Once
those users pass the authentication, they can access all resources.
Attention: when using private supplicant systems, user-based advanced control is recommended to effectively
prevent ARP cheat.
The maximum number of the authenticated users can be 4000, but less than 2000 will be preferred.

25.1.8 The Features of VLAN Allocation

1. Auto VLAN
Auto VLAN feature enables RADIUS server to change the VLAN to which the access port belongs, based on
the user information and the user access device information. When an 802.1x user passes authentication on
the server, the RADIUS server will send the authorization information to the device, if the RADIUS server has
enabled the VLAN-assigning function, then the following attributes should be included in the Access-Accept
messages:

Tunnel-Type = VLAN (13)

Tunnel-Medium-Type = 802 (6)

Tunnel-Private-Group-ID = VLANID
The VLANID here means the VID of VLAN, ranging from 1 to 4094. For example, Tunnel-Private-Group-ID =
30 means VLAN 30.
When the switch receives the assigned Auto VLAN information, the current Access port will leave the VLAN
set by the user and join Auto VLAN.
Auto VLAN won't change or affect the port's configuration. But the priority of Auto VLAN is higher than that of
the user-set VLAN, that is Auto VLAN is the one takes effect when the authentication is finished, while the
user-set VLAN do not work until the user become offline.
At present, Auto VLAN can only be used in the port-based access control mode,
and on the ports whose link type is Access.
2. Guest VLAN
Guest VLAN feature is used to allow the unauthenticated user to access some specified resources.
The user authentication port belongs to a default VLAN (Guest VLAN) before passing the 802.1x
authentication, with the right to access the resources within this VLAN without authentication. But the
resources in other networks are beyond reach. Once authenticated, the port will leave Guest VLAN, and the
user can access the resources of other networks.
In Guest VLAN, users can get 802.1x supplicant system software, update supplicant system or update some
other applications (such as anti-virus software, the patches of operating system). The access device will add
the port into Guest VLAN if there is no supplicant getting authenticated successfully in a certain stretch of time
because of lacking exclusive authentication supplicant system or the version of the supplicant system being
25-12