58
CHAPTER 3
CLI CONFIGURATION
[guest-vlan]: Enable guest VLAN. A Guest VLAN is a special VLAN typically with limited network access.
When checked, the individual ports' ditto setting determines whether the port can be moved into Guest
VLAN. When unchecked, the ability to move to the Guest VLAN is disabled on all ports.
[radius-qos]: Enable RADIUS assigned QoS.
[radius-vlan]: Enable RADIUS VLAN. RADIUS-assigned VLAN provides a means to centrally control the VLAN
on which a successfully authenticated supplicant is placed on the switch. Incoming traffic will be classified to
and switched on the RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special
RADIUS attributes to take advantage of this feature.
Example:
Enable guest VLAN service.
Negation:
(config)# no dot1x feature { [ guest-vlan ] [ radius-qos ] [ radius-vlan ] }
3.9.8.8 (config)# dot1x guest-vlan
Syntax:
(config)# dot1x guest-vlan <value>
Explanation:
Configure a guest VLAN ID.
Parameters:
<value:1-4095>: Specify the guest VLAN ID. The allowed VLAN ID range is from 1 to 4095.
Negation:
(config)# no dot1x guest-vlan
3.9.8.9 (config)# dot1x guest-vlan supplicant
Syntax:
(config)# dot1x guest-vlan supplicant
Explanation:
Enable Guest VLAN supplicant function. The switch remembers if an EAPOL frame has been received on
the port for the life-time of the port. Once the switch considers whether to enter the Guest VLAN, it will first check if
this option is enabled or disabled.
Whe
n enabled, the switch does not maintain the EAPOL packet history and allows
clients that fail authentication to access the guest VLAN, regardless of whether EAPOL packets had been detected on
the interface. Clients that fail authentication can access the guest VLAN.
Negation:
(config)# no dot1x guest-vlan supplicant
3.9.8.10 (config)# dot1x max-requth-req
Syntax:
(config)# dot1x max-reauth-req <value>
Explanation:
The maximum number of times the switch transmits an EAPOL Request Identity frame without receiving
a response before adding a port to the Guest VLAN. The value can only be changed when the Guest VLAN option is
globally enabled. The range is 1 – 255.
# config t
(config)# dot1x feature guest-vlan
Summary of Contents for IFS-1604GSM Series
Page 385: ......