H3C S3100 Series Operation Manual page 376


If a user of a port in the guest VLAN initiates authentication but fails the authentication, the port will be
added to the Auth-Fail VLAN configured for the port, if any. If no Auth-Fail VLAN is configured, the port
will stay in the guest VLAN.
If a user of a port in the guest VLAN initiates authentication and passes authentication successfully, the
port leaves the guest VLAN, and:
- If the authentication server assigns a VLAN, the port joins the assigned VLAN. After the user goes
  offline, the port returns to its initial VLAN, that is, the VLAN the port was in before it joined the guest
  VLAN.
- If the authentication server assigns no VLAN, the port returns to its initial VLAN. After the client
  goes offline, the port still stays in its initial VLAN.
2) MGV
For MGV to take effect on a port, you must also enable the MAC VLAN function on the port. With both
MGV and MAC VLAN configured on a port, the device will bind the MAC addresses of unauthenticated
users with the guest VLAN of the port, allowing the unauthenticated users to access resources in the
guest VLAN.
If a user of a port in the guest VLAN initiates authentication but fails the authentication, the
device will add the user to the Auth-Fail VLAN configured for the port, if any. If no Auth-Fail
VLAN is configured, the device will keep the user in the guest VLAN.
If a user of a port in the guest VLAN initiates authentication and passes the authentication, the device
will add the user to the assigned VLAN or return the user to the initial VLAN of the port, depending on
whether the authentication server assigns a VLAN.
At present, among the S3100 series Ethernet switches, only the S3100-EI series supports the MAC
VLAN function. Thus, the S3100-EI series supports both PGV and MGV, while the S3100-SI series
supports only PGV.
Auth-Fail VLAN
The Auth-Fail VLAN feature allows users failing authentication to access a specified VLAN, which is
called the Auth-Fail VLAN. Note that failing authentication means being denied by the authentication
server for reasons such as a wrong password. Authentication failures caused by authentication
timeout or network connection problems do not fall into this category.
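
The port-based guest VLAN (PGV) transitions and the definition of an authentication failure given above can be checked against a small model. This is an added example, not code from the manual or from H3C: the class, the function, the result labels "accept", "reject" and "timeout", and the VLAN IDs are all constructed for illustration, and the handling of a timeout (the port stays in the guest VLAN) is an assumption drawn from the statement that timeouts are not authentication failures.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PgvPort:
    """One port with a port-based guest VLAN (PGV), modelled from the text."""
    initial_vlan: int                      # VLAN before the port joined the guest VLAN
    guest_vlan: int
    auth_fail_vlan: Optional[int] = None   # None: no Auth-Fail VLAN configured
    vlan: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        # Start where the manual's description starts: port is in the guest VLAN.
        self.vlan = self.guest_vlan

    def on_auth(self, result: str, assigned_vlan: Optional[int] = None) -> int:
        """Apply one authentication attempt; the result labels are hypothetical."""
        if self.vlan != self.guest_vlan:
            raise ValueError("only attempts made from the guest VLAN are modelled")
        if result == "reject":
            # Denied by the server, e.g. wrong password: Auth-Fail VLAN, if any.
            if self.auth_fail_vlan is not None:
                self.vlan = self.auth_fail_vlan
        elif result == "timeout":
            # Assumption: not an authentication failure in the manual's sense,
            # so the port is left in the guest VLAN.
            pass
        elif result == "accept":
            # Server-assigned VLAN if there is one, otherwise the initial VLAN.
            self.vlan = self.initial_vlan if assigned_vlan is None else assigned_vlan
        else:
            raise ValueError(f"unknown result: {result!r}")
        return self.vlan

    def on_offline(self) -> int:
        """Authenticated user goes offline: port returns to or stays in its initial VLAN."""
        if self.vlan in (self.guest_vlan, self.auth_fail_vlan):
            raise ValueError("no authenticated user on this port")
        self.vlan = self.initial_vlan
        return self.vlan


def walk(auth_fail_vlan: Optional[int], result: str, assigned: Optional[int] = None) -> int:
    """VLAN of a constructed port (initial 1, guest 10) after one attempt."""
    return PgvPort(1, 10, auth_fail_vlan).on_auth(result, assigned)
```

In this model a rejected user never leaves the port without a VLAN: the port is either moved to the Auth-Fail VLAN or remains in the guest VLAN.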
Similar to a guest VLAN, an Auth-Fail VLAN can be a port-based Auth-Fail VLAN (PAFV) or a
MAC-based Auth-Fail VLAN (MAFV), depending on the VLAN assignment mode.
1) PAFV
With PAFV configured on a port, if a user on the port fails authentication, the port will be added to the
Auth-Fail VLAN and all users accessing the port will be authorized to access the resources in the
Auth-Fail VLAN.
If a user of a port in the Auth-Fail VLAN initiates authentication but fails the authentication, the port stays
in the Auth-Fail VLAN. If the user passes the authentication successfully, the port leaves the Auth-Fail
VLAN, and: