Enabling DHCP-triggered Authentication
After performing the following configuration, 802.1x allows running DHCP on access users, and users
are authenticated when they apply for dynamic IP addresses through DHCP.
Follow these steps to enable DHCP-triggered authentication:
To do...
Enter system view
Enable DHCP-triggered
authentication
Configuring Guest VLAN
Follow these steps to configure guest VLAN:
To do...
Enter system view
Configure the access control
method of ports
Enable the
guest VLAN
function
Caution:
The guest VLAN function is available only when the switch operates in the port-based access
control mode.
Only one guest VLAN can be configured for each switch.
The guest VLAN function cannot be implemented if you configure the dot1x dhcp-launch
command on the switch to enable DHCP-triggered authentication. This is because the switch does
not send authentication packets in that case.
Configuring 802.1x Re-Authentication
Follow these steps to enable 802.1x re-authentication:
Use the command...
system-view
dot1x dhcp-launch
Use the command...
system-view
dot1x port-method portbased
In system
dot1x guest-vlan vlan-id
view
[ interface interface-list ]
interface interface-type
interface-number
In port view
dot1x guest-vlan vlan-id
quit
1-18
Remarks
—
Required
By default, DHCP-triggered
authentication is disabled.
Remarks
—
Required
The default access control
method on a port is
MAC-based. That is, the
macbased keyword is used by
default.
Required
By default, the guest VLAN
function is disabled.