Table of Contents
Advertisement
Usage Guide:
The 802.1x authentication for the switch must be enabled first to enable 802.1x
authentication for the respective ports. If Spanning Tree or MAC binding is enabled on
the port, or the port is a Trunk port or member of port aggregation group, 802.1x function
cannot be enabled for that port unless such conditions are removed.
Example: Enable the 802.1x function of the switch and enable 802.1x for port 0/0/12.
Switch(Config)#dot1x enable
Switch(Config)#interface Ethernet 0/0/12
Switch(Config-Ethernet0/0/12)#dot1x enable
14.2.2.8 dot1x guest-vlan
Command:dot1x guest-vlan <vlanid>
no dot1x guest-vlan
Function:Set the guest-vlan of the specified port; the 'no dot1x guest-vlan' command is
used to delete the guest-vlan.
Parameters:<vlanid> the specified Vlan id, ranging from 1 to 4095。
Command mode:Interface Mode.
Default:There is no 802.1x guest-vlan function on the port.
User Guide:The access device will add the port into Guest VLAN if there is no supplicant
getting authenticated successfully in a certain stretch of time because of lacking
exclusive authentication supplicant system or the version of the supplicant system being
too low. In Guest VLAN, users can get 802.1x supplicant system software, update
supplicant system or update some other applications(such as anti-virus software, the
patches of operating system). When a user of a port within Guest VLAN starts an
authentication, the port will remain in Guest VLAN in the case of a failed authentication. If
the authentication finishes successfully, there are two possible results:
The authentication server assigns an Auto VLAN, causing the port to leave Guest
VLAN to join the assigned Auto VLAN. After the user gets offline, the port will be
allocated back into the specified Guest Vlan.
The authentication server assigns an Auto VLAN, then the port leaves Guest VLAn
and joins the specified VLAN. When the user becomes offline, the port will be
allocated to the specified GuestVlan again.
Attention:
There can be different Guest VLAN set on different ports, while only one Guest VLAN
is allowed on one port.
Only when the access control mode is portbased, the Guest VLAN can take effect. If
the access control mode of the port is macbased or userbased, the Guest VLAN can
be successfully set without taking effect.
Example:Set Guest-Vlan of port Ethernet1/3 as Vlan 10.
Switch(Config-Ethernet0/0/3)#dot1xguest-vlan 10
14.2.2.9 dot1x macfilter enable
DCS-3950 series Ethernet switch manual
231
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
