C613-50055-01 REV A Command Reference for x230 Series Edge Switches 855
AlliedWare Plusâ„¢ Operating System - Version 5.4.5-0.x
AUTHENTICATION COMMANDS
AUTH
GUEST-VLAN
auth guest-vlan
Overview This command enables and configures the Guest VLAN feature on the interface
specified by associating a Guest VLAN with an interface. This command does not
start authentication. The supplicant's (client device’s) traffic is associated with the
native VLAN of the interface if its not already associated with another VLAN. The
routing option enables routing from the Guest VLAN to another VLAN, so the
switch can lease DHCP addresses and accept access to a limited network.
The no variant of this command disables the guest vlan feature on the interface
specified.
Syntax
auth guest-vlan <1-4094> [routing]
no auth guest-vlan [routing]
Default The Guest VLAN authentication feature is disabled by default.
Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, or a
switch port.
Usage The Guest VLAN feature may be used by supplicants (client devices) that have not
attempted authentication, or have failed the authentication process. Note that if a
port is in multi-supplicant mode with per-port dynamic VLAN configuration, after
the first successful authentication, subsequent hosts cannot use the guest VLAN
due to the change in VLAN ID. This may be avoided by using per-user dynamic
VLAN assignment.
When using the Guest VLAN feature with the multi-host mode, a number of
supplicants can communicate via a guest VLAN before authentication. A
supplicant’s traffic is associated with the native VLAN of the specified switch port.
The supplicant must belong to a VLAN before traffic from the supplicant can be
associated.
Note that you must first define the VLAN with the vlan command that you will
assign as a guest VLAN using this command. Also note that 802.1X must first be
enabled on the port.
Guest VLAN authentication cannot be enabled if DHCP snooping is enabled
(service dhcp-snooping command), and vice versa.
The Guest VLAN feature in previous releases had some limitations that have been
removed. Until this release the Guest VLAN feature could not lease the IP address
to the supplicant using DHCP Server or DHCP Relay features unless
Web-Authentication was also applied. When using NAP authentication, the
supplicant should have been able to log on to a domain controller to gain
certification, but the Guest VLAN would not accept access to another VLAN.
Parameter Description
<1-4094> VLAN ID (VID).
routing Enables routing from the Guest VLAN to other VLANs.
To Next Page
Loading...
Need help?
General
