Configuring Guest Vlan For A Port In Macaddressoruserloginsecure Mode - H3C S3100 Series Operation Manual
H3c s3100 series ethernet switches operation manual
Hide thumbs
Also See for S3100 Series:
- Command manual (1244 pages) ,
- Installation manual (94 pages) ,
- Operation manual (32 pages)
Table of Contents
Advertisement
If you configure the NTK feature and execute the port-security intrusion-mode blockmac command
on the same port, the switch will be unable to disable the packets whose destination MAC address is
illegal from being sent out that port; that is, the NTK feature configured will not take effect on the packets
whose destination MAC address is illegal.
Configuring the Trap feature
Follow these steps to configure port security trapping:
To do...
Enter system view
Enable sending traps for the
specified type of event
Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode
Users fails the authentication can access certain specified VLAN. This VLAN is called guest VLAN. For
details about guest VLAN, refer to the sections covering 802.1x and System-Guard.
A port in macAddressOrUserLoginSecure mode supports guest VLAN configurations. The port can
connect multiple users; but services only one user at a time.
1)
When the first user of the port initiates 802.1x or MAC address authentication:
If the user fails the authentication, the port is added to the guest VLAN, and all the other users of
the port are authorized to access the guest VLAN.
If the user passes the authentication, authentication requests from other users are not handled
because only one user is allowed to pass authentication using the port. The other users will fail the
authentication, but the port will not be added to the guest VLAN.
2)
After the port is added to the guest VLAN:
The users of the port can initiate 802.1x authentication. If a user passes authentication, the port
leaves the guest VLAN and is added to the original VLAN, that is, the one the port belongs to before
it is added to the guest VLAN). The port then does not handle other users' authentication requests.
MAC address authentication is also allowed. However, MAC authentication in this case cannot be
triggered by user requests; the switch will use the first MAC address learned in the guest VLAN to
initiate MAC address authentication at a certain interval. If the authentication succeeds, the port
leaves the guest VLAN.
Follow these steps to configure a guest VLAN for a port in macAddressOrUserLoginSecure mode:
Use the command...
system-view
port-security trap { addresslearned |
dot1xlogfailure | dot1xlogoff | dot1xlogon |
intrusion | ralmlogfailure | ralmlogoff |
ralmlogon }
1-8
Remarks
—
Required
By default, no
trap is sent.
Advertisement
Chapters
Table of Contents
Troubleshooting
