Network-access guest-vlan, Network-access link-detection – Accton Technology Edge-corE Fast Ethernet Switch ES3528M-SFP User Manual

Authentication Commands

4-125

4

• The VLAN settings specified by the first authenticated MAC address are

implemented for a port. Other authenticated MAC addresses on the port must
have same VLAN configuration, or they are treated as authentication failure.

• If dynamic VLAN assignment is enabled on a port and the RADIUS server

returns no VLAN configuration, the authentication is still treated as a success.

• When the dynamic VLAN assignment status is changed on a port, all

authenticated addresses are cleared from the secure MAC address table.

Example

The following example enables dynamic VLAN assignment on port 1.

network-access guest-vlan

Use this command to assign all traffic on a port to a guest VLAN when network
access (MAC authentication) or 802.1x authentication is rejected. Use the no form
of this command to disable guest VLAN assignment.

Syntax

network-access guest-vlan vlan-id
no network-access guest-vlan

Default Setting

Disabled

Command Mode

Interface Configuration

Command Usage

• The VLAN to be used as the guest VLAN must be defined and set as active

(“vlan database” on page 4-242).

• When used with 802.1x authentication, the intrusion-action configuration

must be set for ‘guest-vlan’ to be effective (“dot1x intrusion-action” on
page 4-118).

Example

network-access link-detection

Use this command to enable the link detection feature. Use the no form of this
command to restore the default.

Syntax

[no] network-access link-detection

Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#

Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#