DGS-6604
mm
dot1x guest-vlan
CLI Reference Guide
174
dot1x guest-vlan
Use this command to enable the 802.1X guest VLAN function and specify the
guest VLAN. Use the no form of this command to disable the guest VLAN
function.
dot1x guest-vlan
VLAN-ID
no dot1x guest-vlan
Syntax
None
Default
Disabled
Command Mode
Interface configuration
Usage Guideline
This command is only valid for physical port interfaces.
The guest VLAN is not supported in host-based mode.
The guest VLAN is only effective when a port is configured as 1X-enabled and
dot1x port-control is in auto mode.
This command only supports ports in access VLAN mode. When configuring a
guest VLAN for a port in other VLAN modes, an error messages appears.
The VLAN assignment of the guest VLAN is determined by following rules:
• If the guest VLAN is enabled, and the authentication state is unauthor-
ized, the port belongs to the guest VLAN.
• If the guest VLAN is enabled with the authentication state authorized, and
if RADIUS is authorizing VLAN access then the configured port will
belong to the VLAN assigned by RADIUS server, else the port belong to
the VLAN configured in the VLAN module.
• If guest VLAN is disabled, and the authentication state is unauthorized,
the port belongs to the VLAN configured in VLAN module.
• If guest VLAN is disabled, with the authentication state authorized, and if
RADIUS is authorizing VLAN access then the configured port will belong
to the VLAN assigned by RADIUS server, else the port belong to the
VLAN configured in the VLAN module.
• For a port configured for guest VLAN or RADIUS assigned VLAN, if the
configured VLAN is not existing on the switch, the port will belong to the
VLAN configured in VLAN module.
Examples
The example, on the next page, shows how to make eth4.1 join the IEEE 802.1x
guest VLAN.
Summary of Contents for DGS-6600 Series
Page 1: ...0 9 3 ...