1-8
System View: return to User View with Ctrl+Z.
[Sysname] dot1x dhcp-launch
dot1x guest-vlan
Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan [ interface interface-list ]
View
System view, Ethernet port view
Parameter
vlan-id: VLAN ID of a Guest VLAN, in the range 1 to 4094.
interface-list: Ethernet port list, in the form of interface-list= { interface-type interface-number [ to
interface-type interface-number ] } &<1-10>, in which interface-type specifies the type of an Ethernet
port and interface-number is the number of the port. The string “&<1-10>” means that up to 10 port lists
can be provided.
Description
Use the dot1x guest-vlan command to enable the Guest VLAN function for ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function for ports.
After 802.1x and guest VLAN are properly configured on a port:
z If the switch receives no response from the port after sending EAP-Request/Identity packets to the
port for the maximum number of times, the switch will add the port to the guest VLAN.
z Users in a guest VLAN can access the guest VLAN resources without 802.1x authentication.
However, they have to pass the 802.1x authentication to access the external resources.
In system view,
z If you do not provide the interface-list argument, these two commands apply to all the ports of the
switch.
z If you specify the interface-list argument, these two commands apply to the specified ports.
In Ethernet port view, the interface-list argument is not available and these two commands apply to only
the current Ethernet port.
z The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
z Only one Guest VLAN can be configured on a switch.
z The Guest VLAN function is unavailable when the dot1x dhcp-launch command is executed on
the switch, because the switch does not send authentication request packets in this case.
To Next Page
Loading...
Need help?
General