Table of Contents
Advertisement
[Switch-Ethernet1/0/1] mac-address security 0001-0002-0003 vlan 1
# Configure the port to be silent for 30 seconds after intrusion protection is triggered.
[Switch-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily
[Switch-Ethernet1/0/1] quit
[Switch] port-security timer disableport 30
Guest VLAN Configuration Example
Network requirements
As shown in
Figure
time. Configure the port to operate in macAddressOrUserLoginSecure mode and specify a guest
VLAN for the port.
The PC must pass 802.1x authentication to connect to the network while the printer must pass
MAC address authentication to achieve network connectivity.
The switch's port Ethernet 1/0/3 connects to the Internet. This port is assigned to VLAN 1. Normally,
the port Ethernet 1/0/2 is also assigned to VLAN.
VLAN 10 is intended to be a guest VLAN. It contains an update server for users to download and
upgrade their client software. When a user fails authentication, port Ethernet 1/0/2 is added to
VLAN 10. Then the user can access only VLAN 10. The port goes back to VLAN 1 when the user
passes authentication.
Figure 1-2 Network diagram for guest VLAN configuration
Update server
VLAN 10
Guest VLAN 10: VLAN 1
PC
Printer
Configuration procedure
The following configuration steps include configurations of AAA and RADIUS. For details about these
commands, refer to AAA Command. The configurations on the 802.1x client and the RADIUS server
are omitted.
1-2, Ethernet 1/0/2 connects to a PC and a printer, which are not used at the same
VLAN 10
VLAN 2
Eth1/0/1
Eth1/0/4
VLAN 1
Eth1/0/2
Eth1/0/3
Switch
Hub
Authentication server
Internet
1-13
- Quick Links:
- Cli Configuration
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
