H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 288
29-5
z
Guest VLANs are implemented in the mode of adding a port to a VLAN. For example, when
multiple users are connected to a port, if the first user fails in the authentication, the other users can
access only the contents of the Guest VLAN. The device will re-authenticate only the first user
accessing this port, and the other users cannot be authenticated again. Thus, if more than one
client is connected to a port, you cannot configure a Guest VLAN for this port.
z
After users that are connected to an existing port failed to pass authentication, the device adds the
port to the Guest VLAN. Therefore, the Guest VLAN can separate unauthenticated users on an
access port. When it comes to a trunk port or a hybrid port, if a packet itself has a VLAN tag and be
in the VLAN that the port allows to pass, the packet will be forwarded perfectly without the influence
of the Guest VLAN. That is, packets can be forwarded to the VLANs other than the Guest VLAN
through the trunk port and the hybrid port, even users fail to pass authentication.
Follow these steps to configure a Guest VLAN:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Configure the Guest VLAN for the
current port
mac-authentication
guest-vlan vlan-id
Required
By default, no Guest VLAN is
configured for a port by default.
Return to system view
quit
—
Configure the interval at which the
device re-authenticates users in
Guest VLANs
mac-authentication timer
guest-vlan-reauth interval
Optional
By default, the device re-authenticates
the users in Guest VLANs at the
interval of 30 seconds by default.
z
If more than one client is connected to a port, you cannot configure a Guest VLAN for this port.
z
When a Guest VLAN is configured for a port, only one MAC address authentication user can
access the port. Even if you set the limit on the number of MAC address authentication users to
more than one, the configuration does not take effect.
z
The undo vlan command cannot be used to remove the VLAN configured as a Guest VLAN. If you
want to remove this VLAN, you must remove the Guest VLAN configuration for it. Refer to VLAN in
H3C WX3000 Series Unified Switches Switching Engine Configuration Guide
for the description on
the undo vlan command.
z
Only one Guest VLAN can be configured for a port, and the VLAN configured as the Guest VLAN
must be an existing VLAN. Otherwise, the Guest VLAN configuration does not take effect. If you
want to change the Guest VLAN for a port, you must remove the current Guest VLAN and then
configure a new Guest VLAN for this port.