86
Ste
Command
Remarks
2. (Optional.) Set the periodic
reauthentication timer.
dot1x timer reauth-period
reauth-period-value
The default is 3600 seconds.
3. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
4. Enable periodic online user
reauthentication.
dot1x re-authenticate By default, the feature is disabled.
5. (Optional.) Enable the
keep-online feature for 802.1X
users.
dot1x re-authenticate
server-unreachable keep-online
By default, this feature is disabled,
and the device logs off online
802.1X users if no authentication
server is reachable for 802.1X
reauthentication.
Configuring an 802.1X guest VLAN
Configuration guidelines
When you configure an 802.1X guest VLAN, follow these guidelines:
• You can configure only one 802.1X guest VLAN on a port. The 802.1X guest VLANs on different
ports can be different.
• Assign different IDs to the voice VLAN, the port VLAN, and the 802.1X guest VLAN on a port. The
assignment makes sure the port can correctly process incoming VLAN-tagged traffic.
• When you configure multiple security features on a port, follow the guidelines in Table 7.
Table 7 Relationships
of the 802.1X guest VLAN and other security features
Feature Relationshi
descri
tion
Reference
802.1X Auth-Fail VLAN
on a port that performs
MAC-based access
control
The 802.1X Auth-Fail VLAN has a higher
priority than the 802.1X guest VLAN.
See "802.1X VLAN
manipulation."
Port intrusion protection
actions on a port that
performs MAC-based
access control
The 802.1X guest VLAN feature has higher
priority than the block MAC action.
The 802.1X guest VLAN feature has lower
priority than the shutdown port action of the port
intrusion protection feature.
See "Configuring port
security."
Configuration prerequisites
Before you configure an 802.1X guest VLAN, complete the following tasks:
• Create the VLAN to be specified as the 802.1X guest VLAN.
• If the 802.1X-enabled port performs MAC-based access control, perform the following operations
for the port:
{ Configure the port as a hybrid port.
To Next Page
Loading...
Need help?
General