Guest VLAN
Configuration
Configure Guest VLAN in
Ethernet port view
Guest VLAN
Configuration Example
When the Guest VLAN function is enabled:
The switch broadcasts active authentication packets to all 802.1x-enabled ports.
■
The switch adds the ports that do not return response packets to Guest VLAN
■
When the maximum number of authentication retries is reached.
Users belonging to the Guest VLAN can access the resources of the Guest VLAN
■
without being authenticated. But they need to be authenticated before accessing
external resources.
Prerequisites
The ports operate in port-based authentication mode.
■
The VLAN specified to be the Guest VLAN already exists.
■
Configuring Guest VLAN in system view
Table 426 Configure Guest VLAN in system view
Operation
Enter system view
Configure Guest VLAN
for specified ports
Table 427 Configure Guest VLAN in Ethernet port view
Operation
Enter system view
Enter Ethernet port view interface interface-type
Configure Guest VLAN
for the port
The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
Only one Guest VLAN can be configured for a switch.
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
Network requirements
Create VLAN 2.
■
Configure Ethernet1/0/1 port to operate in port-based authentication mode.
■
Configure Guest VLAN for Ethernet1/0/1 port.
■
802.1x Client Version Checking Configuration 401
Command
system-view
dot1x guest-vlan vlan-id [
interface interface-list ]
Command
system-view
interface-num
dot1x guest-vlan vlan-id
Description
—
Required
This operation applies to all ports
of the switch if you do not provide
the interface-list argument. And if
you specify the interface-list
argument, the operation applies to
the specified Ethernet ports.
Description
—
—
Required
This operation configures Guest
VLAN for the current port only.