Guest Vlan Configuration Example - H3C S5600 Series Operation Manual
Hide thumbs
Also See for S5600 Series:
- Operation manual (1278 pages) ,
- Configuration (313 pages) ,
- Operation manual (1096 pages)
Table of Contents
Advertisement
# Set the timer for the switch to send real-time accounting packets to the RADIUS server
to 15 minutes.
[Switch-radius-radius1] timer realtime-accounting 15
# Configure the switch to send a username without the domain name to the RADIUS server.
[Switch-radius-radius1] user-name-format without-domain
[Switch-radius-radius1] quit
# Create a domain named aabbcc.net and enter its view.
[Switch] domain aabbcc.net
# Specify the RADIUS scheme for the domain.
[Switch-isp-aabbcc.net] scheme radius-scheme radius1
# Enable the idle disconnecting function and set the related parameters.
[Switch-isp-aabbcc.net] idle-cut enable 20 2000
[Switch-isp-aabbcc.net] quit
# Set aabbcc.net as the default user domain.
[Switch] domain default enable aabbcc.net
# Configure the switch to use the MAC address as username and password for
authentication, specifying that the MAC address should be lowercase without separators.
[Switch]
mac-authentication
without-hyphen
# Specify the ISP domain for MAC authentication.
[Switch] mac-authentication domain aabbcc.net
# Enable port security.
[Switch] port-security enable
# Set the port security mode to macAddressAndUserLoginSecureExt.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1]
mac-and-userlogin-secure-ext
Guest VLAN Configuration Example
Network requirements
As shown in
Figure
same time. Configure the port to operate in macAddressOrUserLoginSecure mode and
specify a guest VLAN for the port.
The PC must pass 802.1X authentication to connect to the network while the printer
must pass MAC authentication to achieve network connectivity.
The switch's port GE1/0/3 connects to the Internet. This port is assigned to VLAN 1.
Normally, the port GE1/0/2 is also assigned to VLAN.
VLAN 10 is intended to be a guest VLAN. It contains an update server for users to
download and upgrade their client software. When a user fails authentication, port
GE1/0/2 is added to VLAN 10. Then the user can access only VLAN 10. The port goes
back to VLAN 1 when the user passes authentication.
authmode
1-10, GE1/0/2 connects to a PC and a printer, which are not used at the
usernameasmacaddress
port-security
1-26
usernameformat
port-mode
- Quick Links:
- Audience
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
