Network requirements – H3C Technologies H3C S5120 Series Switches User Manual

1-22

Guest VLAN and VLAN Assignment Configuration Example

Network requirements

As shown in

Figure 1-11

:

z

A host is connected to port GigabitEthernet 1/0/2 of the device and must pass 802.1X

authentication to access the Internet. GigabitEthernet 1/0/2 is in VLAN 1.

z

The authentication server runs RADIUS and is in VLAN 2.

z

The update server, which is in VLAN 10, is for client software download and upgrade.

z

Port GigabitEthernet 1/0/3 of the device, which is in VLAN 5, is for accessing the Internet.

As shown in

Figure 1-12

:

z

On port GigabitEthernet 1/0/2, enable 802.1X and set VLAN 10 as the guest VLAN of the port. If the

device sends an EAP-Request/Identity packet from the port for the maximum number of times but

still receives no response, the device adds the port to its guest VLAN. In this case, the host and the

update server are both in VLAN 10, so that the host can access the update server and download

the 802.1X client.

As shown in

Figure 1-13

:

z

After the host passes the authentication and logs on, the host is added to VLAN 5. In this case, the

host and GigabitEthernet 1/0/3 are both in VLAN 5, so that the host can access the Internet.

Figure 1-11 Network diagram for guest VLAN configuration

Internet

Update server

Authenticator server

Supplicant

VLAN 10
GE1/0/1

VLAN 1
GE1/0/2

VLAN 5
GE1/0/3

VLAN 2

GE1/0/4

Switch