Guest vlan – H3C Technologies H3C S7500E Series Switches User Manual
Page 100
5-10
z
If the port link type is Access, the port leaves its initial VLAN, that is, the VLAN configured
for it and joins the assigned VLAN.
z
If the port link type is Trunk, the assigned VLAN is allowed to pass the current trunk port.
The default VLAN ID of the port is that of the assigned VLAN.
z
If the port link type is Hybrid, the assigned VLAN is allowed to pass the current port without
carrying the tag. The default VLAN ID of the port is that of the assigned VLAN. Note that if
the Hybrid port is configured with MAC-based VLAN, the device will dynamically create a
MAC-based VLAN according to the VLAN assigned by the authentication server, and
remain the default VLAN ID of the port unchanged.
The assigned VLAN neither changes nor affects the configuration of a port. However, as the
assigned VLAN has higher priority than the initial VLAN of the port, it is the assigned VLAN that
takes effect after a user passes authentication. After the user logs off, the port returns to the
initial VLAN of the port.
For more information about VLAN configuration, see VLAN Configuration in the Layer 2 –
LAN Switching Configuration Guide.
z
With a Hybrid port, the VLAN assignment will fail if you have configured the assigned VLAN
to carry tags.
z
With a Hybrid port, you cannot configure an assigned VLAN to carry tags after the VLAN
has been assigned.
z
When you enable the MAC VLAN function on a port, if there is one or more online 802.1X
users on the port, the MAC VLAN function takes effect only when the user passes
re-authentication and the server assigns a VLAN different from that assigned for the last
authentication. For more information about the MAC VLAN function, see VLAN
Configuration in the Layer 2 – LAN Switching Configuration Guide.
Guest VLAN
Guest VLAN allows unauthenticated users to access a specified VLAN, where the users can,
for example, download or upgrade the client software, or execute some user upgrade programs.
This VLAN is called the guest VLAN.
Depending on the port access control method, a guest VLAN can be a port-based guest VLAN
(PGV) or a MAC-based guest VLAN (MGV).
1) PGV
PGV refers to the guest VLAN configured on a port that uses the port-based access control
method. With PGV configured on a port, if no user initiates authentication or no user passes
authentication on the port in a certain period of time (90 seconds by default), the port will be
added to the guest VLAN and all users accessing the port will be authorized to access the
resources in the guest VLAN. The device adds a PGV-configured port into the guest VLAN
according to the port’s link type in the similar way as described in