Displaying and Maintaining 802.1x 729
n
■ You can specify a tagged VLAN as the guest VLAN for a Hybrid port, but the
guest VLAN does not take effect. Similarly, if a guest VLAN for a Hybrid port is
in operation, you cannot configure the guest VLAN to carry tags.
■ Configurations in system view are effective to all ports while configurations in
interface view are effective to the current port only.
■ If a port’s access control method is portbased, its guest VLAN can take effect;
if a port’s access control method is macbased, its guest VLAN can be
configured but cannot take effect.
■ A port can be configured with only one guest VLAN. But different ports can
have different guest VLANs.
c
CAUTION: If the data flows from a user-side device include VLAN tags, and
802.1x and guest VLAN are enabled on the access port, you are recommended to
configure different VLAN IDs for the Voice VLAN, the default port VLAN, and the
guest VLAN of 802.1x.
Displaying and
Maintaining 802.1x
802.1x Configuration
Example
Network requirements
■ The access control method of macbased is required on the port to control
supplicants.
■ All supplicants belong to default domain aabbcc.net, which can accommodate
up to 30 users. RADIUS authentication is performed at first, and then local
authentication when no response from the RADIUS server is received. If the
RADIUS accounting fails, the authenticator gets users offline.
■ A server group with two RADIUS servers is connected to the switch. The IP
addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former
as the primary authentication/secondary accounting server, and the latter as
the secondary authentication/primary accounting server.
■ Set the shared key for the switch to exchange packets with the authentication
server and the accounting server as secret.
Configure the guest VLAN for
specified or all ports
dot1x guest-vlan vlan-id
[ interface interface-list ]
Required
By default, a port is
configured with no guest
VLAN.
Or in Ethernet interface view
interface interface-type
interface-number
dot1x guest-vlan vlan-id
To do… Use the command… Remarks
To do… Use the command… Remarks
Display 802.1x session
information, statistics, or
configuration information of
specified or all ports
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
Available in any view
Clear 802.1x statistics reset dot1x statistics
[ interface interface-list ]
Available in user view
To Next Page
Loading...
