General Security Measures
4-167
4
Use this command to enable dynamic VLAN assignment for an authenticated port.
Use the
no
form to disable dynamic VLAN assignment.
Syntax
[
no
]
network-access dynamic-vlan
Default Setting
Enabled
Command Mode
Interface Configuration
Command Usage
• When enabled, the VLAN identifiers returned by the RADIUS server will be
applied to the port, providing the VLANs have already been created on the
switch. GVRP is not used to create the VLANs.
• The VLAN settings specified by the first authenticated MAC address are
implemented for a port. Other authenticated MAC addresses on the port must
have the same VLAN configuration, or they are treated as authentication
failures.
• If dynamic VLAN assignment is enabled on a port and the RADIUS server
returns no VLAN configuration, the authentication is still treated as a success.
• When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address table.
Example
The following example enables dynamic VLAN assignment on port 1.
Use this command to assign all traffic on a port to a guest VLAN when network
access (MAC authentication) or 802.1X authentication is rejected. Use the
no
form
of this command to disable guest VLAN assignment.
Syntax
network-access guest-vlan
vlan-id
no network-access guest-vlan
vlan-id
- VLAN ID (Range: 1-4094)
Default Setting
Disabled
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
Summary of Contents for 6152PL2 FICHE
Page 2: ......
Page 6: ...vi ...
Page 8: ...viii ...
Page 32: ...Tables xxxii ...
Page 38: ...Figures xxxviii ...
Page 56: ...Initial Configuration 2 10 2 ...
Page 378: ...Configuring the Switch 3 322 3 ...
Page 817: ......