DES-3010F/DES-3010FL/DES-3010G/DES-3018/DES-3026 Fast Ethernet Switch Manual
Parameter Description
From and To
Ports being configured for 802.1x settings.
Capability
Two role choices can be selected:
Authenticator - A user must pass the authentication process to gain access to the network.
None - The port will not be controlled by the 802.1x functions.
Guest VLANs
Figure 10- 16. Guest VLAN Authentication Process
On 802.1X security enabled networks, there is a need for no
802.1X supported devices to gain limited access to the network,
due to lack of the proper 802.1X software or incompatible
devices, such as computers running Windows 98 or lowe
operating systems, or the need for guests to gain access to the
network without full authorization or local authentication on the
Switch. To supplement these circumstances, this switch no
implements Guest 802.1X VLANs. These VLANs should have
limited access rights and features separate from other VLANs o
the network.
To implement Guest 802.1X VLANs, the user must first create a
VLAN on the network with limited rights and then enable it as a
802.1X guest VLAN. Then the administrator must configure the
guest accounts accessing the Switch to be placed in a Gues
VLAN when trying to access the Switch. Upon initial entry to the
Switch, the client wishing services on the Switch will need to be
authenticated by a remote RADIUS Server or local authenticatio
on the Switch to be placed in a fully operational VLAN. I
authenticated and the authenticator posseses the VLAN
lacement information, that client will be accepted into the full
operational target VLAN and normal switch functions will be
open to the client. If the authenticator does not have target VLAN
lacement information, the client will be returned to its
originating VLAN. Yet, if the client is denied authentication b
the authenticator, it will be placed in the Guest VLAN where i
has limited ri
hts and access. The ad
acent fi
ure should
ive the
Limitations Using the Guest VLAN
1. Ports supporting Guest VLANs cannot be GVRP enabled and vice versa.
2. A port cannot be a member of a Guest VLAN and a static VLAN simultaneously.
3. Once a client has been accepted into the target VLAN, it can no longer access the Guest VLAN.
4. If a port is a member of multiple VLANs, it cannot become a member of the Guest VLAN.
127
To Next Page
Loading...
