Enabling/Disabling Guest Vlan - Huawei Quidway S6500 Series Operation Manual
Hide thumbs
Also See for Quidway S6500 Series:
- Supplementary manual (5 pages) ,
- Command manual (845 pages)
Table of Contents
Advertisement
Operation Manual - Security
Quidway S6500 Series Ethernet Switches
PEAP: As a kind of EAP protocol, protected EAP (PEAP) first establishes an
encrypted transport layer security (TLS) channel to provide integrity protection,
and then initiates a new type of EAP negotiation, to accomplish identity
authentication to the client.
If you want to enable PEAP, EAP-TLS or EAP-MD5 authentication method on an
Ethernet switch, you only need to use the command dot1x authentication-method
eap to enable EAP authentication.
Perform the following configurations in system view.
Table 1-7 Configuring the authentication method for 802.1x user
Configure authentication method for
802.1x user
Restore
method for 802.1x user
By default, CHAP authentication is used for 802.1x user authentication.
1.2.8 Enabling/Disabling Guest VLAN
After the Guest VLAN function is enabled, the switch broadcasts active authentication
packets to all ports on which 802.1x are enabled. If there is still some ports do not return
response packets after being re-authenticated for maximum times, the switch adds this
ports into Guest VLAN. After that, no 802.1x authentication is performed when the user
of the Guest VLAN visits the resources within this Guest VLAN. However, if the user
visits the outer resources, authentication is still needed. In this way, the requirements of
allowing unauthenticated users to access some resources are met, such as, the user
accesses some resources without installing 802.1x client, or the user upgrades 802.1x
client without authentication, and so on.
Perform the following configuration in system view or Ethernet port view.
Table 1-8 Enabling/disabling Guest VLAN
Operation
Enabling Guest VLAN
Disabling Guest VLAN
Note the following:
Guest VLAN is only supported in the port-based authentication mode.
A switch only can be configured with one Guest VLAN.
Operation
the
default
authentication
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan vlan-id [ interface interface-list ]
Huawei Technologies Proprietary
dot1x authentication-method { chap |
pap | eap }
undo dot1x authentication-method
Command
1-7
Chapter 1 802.1x Configuration
Command
- Quick Links:
- Function Features
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
