Enabling dhcp-triggered authentication, Configuring guest vlan – H3C Technologies H3C WX3000 Series Unified Switches User Manual

23-17

As for the dot1x version-user command, if you execute it in system view without specifying the

interface-list

argument, the command applies to all ports. You can also execute this command in port

view. In this case, this command applies to the current port only and the interface-list argument is not
needed.

Enabling DHCP-triggered Authentication

After performing the following configuration, 802.1x allows running DHCP on access users, and users
are authenticated when they apply for dynamic IP addresses through DHCP.

Follow these steps to enable DHCP-triggered authentication:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable DHCP-triggered
authentication

dot1x dhcp-launch

Required
By default, DHCP-triggered
authentication is disabled.

Configuring Guest VLAN

Follow these steps to configure Guest VLAN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure the access control
method on ports

dot1x

port-method portbased

Required
The default access control method
on ports is MAC-based. That is, the
macbased

keyword is used by

default.

Enable the Guest VLAN function

dot1x guest-vlan

vlan-id

[ interface interface-list ]

Required
By default, the Guest VLAN
function is disabled.

z

The Guest VLAN function is available only when the device operates in the port-based access
control mode.

z

Only one Guest VLAN can be configured for each device.

z

The Guest VLAN function cannot be implemented if you configure the dot1x dhcp-launch
command on the device to enable DHCP-triggered authentication. This is because the device does
not send authentication packets unsolicitedly in that case.