H3C Technologies H3C S3600 Series Switches User Manual
Page 570
1-5
After a port is added to a Guest VLAN, the switch will re-authenticate the first access user of this port
(namely, the first user whose unicast MAC address is learned by the switch) periodically. If this user
passes the re-authentication, this port will exit the Guest VLAN, and thus the user can access the
network normally.
z
Guest VLANs are implemented in the mode of adding a port to a VLAN. For example, when
multiple users are connected to a port, if the first user fails in the authentication, the other users can
access only the contents of the Guest VLAN. The switch will re-authenticate only the first user
accessing this port, and the other users cannot be authenticated again. Thus, if more than one
client is connected to a port, you cannot configure a Guest VLAN for this port.
z
After users that are connected to an existing port failed to pass authentication, the switch adds the
port to the Guest VLAN. Therefore, the Guest VLAN can separate unauthenticated users on an
access port. When it comes to a trunk port or a hybrid port, if a packet itself has a VLAN tag and be
in the VLAN that the port allows to pass, the packet will be forwarded perfectly without the influence
of the Guest VLAN. That is, packets can be forwarded to the VLANs other than the Guest VLAN
through the trunk port and the hybrid port, even users fail to pass authentication.
Follow these steps to configure a Guest VLAN:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Configure the Guest VLAN for
the current port
mac-authentication
guest-vlan vlan-id
Required
By default, no Guest VLAN is
configured for a port by default.
Return to system view
quit
—
Configure the interval at which
the switch re-authenticates
users in Guest VLANs
mac-authentication timer
guest-vlan-reauth interval
Optional
By default, the switch
re-authenticates the users in
Guest VLANs at the interval of
30 seconds by default.