Interlogix NS3552-8P-2S-V2 User Manual page 223

Object
Guest VLAN Enabled
Port State
Restart
NS3552-8P-2S-V2 User Manual
Description
range '0' - '9', which is interpreted as a decimal string representing the VLAN
ID. Leading '0's are discarded. The final value must be in the range [1;
4095].
When Guest VLAN is both globally enabled and enabled (selected) for a
given port, the switch considers moving the port into the Guest VLAN
according to the rules outlined below.
This option is only available for EAPOL-based modes (i.e., Port-based
802.1X, Single 802.1X, and Multi 802.1X)
For troubleshooting VLAN assignments, use the "Monitor > VLANs > VLAN
Membership and VLAN Port" pages. These pages show which modules
have (temporarily) overridden the current Port VLAN configuration.
Guest VLAN Operation:
When a Guest VLAN enabled port link comes up, the switch starts
transmitting EAPOL Request Identity frames. If the number of transmissions
of such frames exceeds Max. Reauth. Count and no EAPOL frames have
been received in the meantime, the switch considers entering the Guest
VLAN. The interval between transmission of EAPOL Request Identity frames
is configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is
enabled, the port is placed in the Guest VLAN. If disabled, the switch will first
check its history to see if an EAPOL frame has previously been received on
the port (this history is cleared if the port link goes down or the port's Admin
State is changed), and if not, the port is placed in the Guest VLAN.
Otherwise, it will not move to the Guest VLAN but continue transmitting
EAPOL Request Identity frames at the rate given by EAPOL Timeout.
Once in the Guest VLAN, the port is considered authenticated, and all
attached clients on the port are allowed access on this VLAN. The switch will
not transmit an EAPOL Success frame when entering the Guest VLAN.
While in the Guest VLAN, the switch monitors the link for EAPOL frames,
and if one such frame is received, the switch immediately takes the port out
of the Guest VLAN and starts authenticating the supplicant according to the
port mode. If an EAPOL frame is received, the port will never be able to go
back into the Guest VLAN if the
box is deselected.
The current state of the port. It can undertake one of the following values:
Disabled: NAS is globally disabled.
Globally
Down: NAS is globally enabled, but there is no link on the port.
Link
Authorized: The port is in force authorized or a single-supplicant mode and
the supplicant is authorized.
Unauthorized: The port is in force unauthorized or a single-supplicant mode
and the supplicant is not successfully authorized by the RADIUS server.
Unauth: The port is in a multi-supplicant mode. Currently X clients
X Auth/Y
are authorized and Y are unauthorized.
Two buttons are available for each row. The buttons are only enabled when
authentication is globally enabled and the port's Admin State is in an
EAPOL-based or MAC-based mode.
Clicking these buttons will not cause settings changed on the page to take
effect.
Reauthenticate: Schedules a reauthentication to whenever the quiet-period
of the port runs out (EAPOL-based authentication). For MAC-based
authentication, reauthentication is attempted immediately.
The button only has an effect for successfully authenticated clients on the
port and will not cause the clients to get temporarily unauthorized.
Allow Guest VLAN if EAPOL Seen
Chapter 4: Web configuration
check
221