[Switch-Ethernet1/0/1] quit 
[Switch] port-security timer disableport 30 
Guest VLAN Configuration Example 
Network requirements 
As shown in Figure 1-2, Ethernet 1/0/2 connects to a PC and a printer, which are not used at the same 
time. Configure the port to operate in macAddressOrUserLoginSecure mode and specify a guest 
VLAN for the port.  
•  The PC must pass 802.1x authentication to connect to the network while the printer must pass 
   MAC address authentication to achieve network connectivity. 
•  The switch’s port Ethernet 1/0/3 connects to the Internet. This port is assigned to VLAN 1. Normally, 
   the port Ethernet 1/0/2 is also assigned to VLAN. 
•  VLAN 10 is intended to be a guest VLAN. It contains an update server for users to download and 
   upgrade their client software. When a user fails authentication, port Ethernet 1/0/2 is added to 
   VLAN 10. Then the user can access only VLAN 10. The port goes back to VLAN 1 when the user 
   passes authentication. 
Figure 1-2 Network diagram for guest VLAN configuration 
 
 
Configuration procedure 
 
 
The following configuration steps include configurations of AAA and RADIUS. For details about these 
commands, refer to AAA Command. The configurations on the 802.1x client and the RADIUS server 
are omitted. 
 
# Configure RADIUS scheme 2000. 
<Switch> system-view