Usage guidelines
An 802.1X guest VLAN accommodates users that have not performed 802.1X authentication. In the
guest VLAN, users can access a limited set of network resources, such as a software server, to
download anti-virus software and system patches.
You cannot specify a VLAN as both a super VLAN and an 802.1X guest VLAN on a port. For more
information about super VLANs, see Layer 2—LAN Switching Configuration Guide.
On a port, the 802.1X guest VLAN configuration is mutually exclusive with the 802.1X guest VSI,
802.1X Auth-Fail VSI, and 802.1X critical VSI settings.
To delete a VLAN that has been configured as a guest VLAN, you must use the undo dot1x guest-vlan
command first.
Examples
# Specify VLAN 100 as the 802.1X guest VLAN on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x guest-vlan 100
Related commands
display dot1x
dot1x guest-vlan-delay
Use dot1x guest-vlan-delay to enable 802.1X guest VLAN assignment delay on a port.
Use undo dot1x guest-vlan-delay to disable the specified 802.1X guest VLAN assignment delay
on a port.
Syntax
dot1x guest-vlan-delay { eapol | new-mac }
undo dot1x guest-vlan-delay [ eapol | new-mac ]
Default
802.1X guest VLAN assignment delay is disabled on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
eapol: Specifies EAPOL-triggered 802.1X guest VLAN assignment delay. This keyword takes effect
if 802.1X authentication is triggered by EAPOL-Start packets.
new-mac: Specifies new MAC-triggered 802.1X guest VLAN assignment delay. This keyword takes
effect if 802.1X authentication is triggered by packets from unknown MAC addresses.
Usage guidelines
This command enables the device to delay assigning an 802.1X-enabled port to the 802.1X guest
VLAN when 802.1X authentication is triggered on the port.
To use this feature, the 802.1X-enabled port must perform MAC-based access control.
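The two port-level constraints stated in the usage guidelines above (a guest VLAN is mutually exclusive with the guest VSI, Auth-Fail VSI, and critical VSI settings; guest VLAN assignment delay requires MAC-based access control) can be checked offline against saved configuration text. The following Python check is an added example, not part of the original command reference. The VSI and port-method command spellings, the treatment of a port without the port-based setting as MAC-based, and the sample configuration are assumptions made for illustration.

```python
import re

# Assumed command spellings (not taken from this page); adjust to your software release.
VSI_CMDS = ("dot1x guest-vsi", "dot1x auth-fail vsi", "dot1x critical vsi")
PORTBASED_CMD = "dot1x port-method portbased"  # assumed; absence is treated as MAC-based

# Constructed sample configuration, not captured from a real device.
SAMPLE_CONFIG = """\
interface Ten-GigabitEthernet1/0/1
 dot1x guest-vlan 100
 dot1x guest-vlan-delay eapol
#
interface Ten-GigabitEthernet1/0/2
 dot1x port-method portbased
 dot1x guest-vlan 100
 dot1x guest-vlan-delay new-mac
#
interface Ten-GigabitEthernet1/0/3
 dot1x guest-vlan 100
 dot1x guest-vsi guest-a
#
"""

def parse_interfaces(config):
    """Return {interface name: [stripped command lines]} from configuration text."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            ports[current] = []
        elif line.strip() in ("", "#"):
            current = None  # a "#" separator or blank line ends the interface block
        elif current is not None and line.startswith(" "):
            ports[current].append(line.strip())
    return ports

def audit(config):
    """Return a sorted list of (interface, finding) tuples for the two constraints."""
    findings = []
    for port, cmds in parse_interfaces(config).items():
        has_guest_vlan = any(re.fullmatch(r"dot1x guest-vlan \d+", c) for c in cmds)
        has_delay = any(c.startswith("dot1x guest-vlan-delay ") for c in cmds)
        vsi = [c for c in cmds if c.startswith(VSI_CMDS)]
        if has_guest_vlan and vsi:
            findings.append((port, "guest VLAN conflicts with: " + "; ".join(vsi)))
        if has_delay and PORTBASED_CMD in cmds:
            findings.append((port, "guest-vlan-delay requires MAC-based access control"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports the second and third interfaces and leaves the first one clean.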