1-8
Examples
# Enable port security.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] port-security enable
Notice: The port-control of 802.1x will be restricted to auto when port-security is enabled.
Please wait... Done.
port-security guest-vlan
Syntax
port-security guest-vlan vlan-id
undo port-security guest-vlan
View
Ethernet port view
Parameters
vlan-id: Specifies a guest VLAN by its VLAN ID in the range of 1 to 4094. The VLAN must already exist.
Description
Use the port-security guest-vlan command to specify an existing VLAN as the guest VLAN of a port.
Use the undo port-security guest-vlan command to remove the guest VLAN configuration.
By default, no guest VLAN is specified for a port.
Note that:
z Only an existing VLAN can be specified as a guest VLAN. Make sure the guest VLAN of the port
contain the resources that the users need.
z If one user of the port has passed or is undergoing authentication, you cannot specify a guest
VLAN for it.
z When a user using a port with a guest VLAN specified fail the authentication, the port is added to
the guest VLAN.
z Multiple users may connect to one port in the macAddressOrUserLoginSecure mode for
authentication; however, after a guest VLAN is specified, a maximum of one user can pass the
security authentication. In this case, the authentication client software of the other 802.1x users
displays messages about the failure; MAC address authentication does not have any client
software and therefore no such messages will be displayed.
z To change the security mode from macAddressOrUserLoginSecure mode of a port that is
assigned to a guest VLAN, execute the undo port-security guest-vlan command first to remove
the guest VLAN configuration.
z For a port configured with both the port-security guest-vlan and port-security intrusion-mode
disableport commands, when authentication of a user fails, only the intrusion detection feature is
triggered. The port is not added to the specified guest VLAN.
z It is not recommended to configure the port-security guest-vlan and port-security
intrusion-mode blockmac commands simultaneously for a port. Because when the
To Next Page
Loading...
