Dot1x guest-vlan – Allied Telesis AT-S95 CLI User Manual

802.1x Commands

Page 327

User Guidelines

An access port cannot be a member in an unauthenticated VLAN.

The native VLAN of a trunk port cannot be an unauthenticated VLAN.

For a general port, the PVID can be an unauthenticated VLAN (although only tagged packets would be accepted
in the unauthorized state.)

Example

The following example enables access to the VLAN to unauthorized devices.

dot1x guest-vlan

The dot1x guest-vlan Interface Configuration mode command defines a guest VLAN. Use the no form of this
command to return to the default configuration.

Syntax

dot1x guest-vlan

no dot1x guest-vlan

Default Configuration

No VLAN is defined as a guest VLAN.

Command Mode

Interface Configuration (VLAN) mode

User Guidelines

Use the dot1x guest-vlan enable Interface Configuration mode command to enable unauthorized users on an
interface to access the guest VLAN.

If the guest VLAN is defined and enabled, the port automatically joins the guest VLAN when the port is
unauthorized and leaves it when the port becomes authorized. To be able to join or leave the guest VLAN, the port
should not be a static member of the guest VLAN.

Example

The following example defines VLAN 2 as a guest VLAN.

Console(config)# interface vlan 5
Console(config-if)# dot1x auth-not-req

Console#
Console# configure
Console(config)# vlan database
Console(config-vlan)# vlan 2
Console(config-vlan)# exit
Console(config)# interface vlan 2
Console(config-if)# dot1x guest-vlan