Network-access dynamic-vlan, Network-access guest-vlan, Network-access – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual
Page 253: Guest-vlan
Brocade 6910 Ethernet Access Switch Configuration Guide
197
53-1002651-02
10
Network Access (MAC Address Authentication)
Example
The following example enables the dynamic QoS feature on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-qos
Console(config-if)#
network-access dynamic-vlan
Use this command to enable dynamic VLAN assignment for an authenticated port. Use the no form
to disable dynamic VLAN assignment.
Syntax
[no] network-access dynamic-vlan
Default Setting
Enabled
Command Mode
Interface Configuration
Command Usage
•
When enabled, the VLAN identifiers returned by the RADIUS server through the 802.1X
authentication process will be applied to the port, providing the VLANs have already been
created on the switch. GVRP is not used to create the VLANs.
•
The VLAN settings specified by the first authenticated MAC address are implemented for a
port. Other authenticated MAC addresses on the port must have same VLAN configuration, or
they are treated as an authentication failure.
•
If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no VLAN
configuration, the authentication is still treated as a success, and the host assigned to the
default untagged VLAN.
•
When the dynamic VLAN assignment status is changed on a port, all authenticated addresses
are cleared from the secure MAC address table.
Example
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
network-access guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when 802.1x authentication is
rejected. Use the no form of this command to disable guest VLAN assignment.
Syntax
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4093)