9 dot1x guest-vlan, X guest, Vlan – PLANET WGSW-52040 User Manual
Page 633
39-173
39.9 dot1x guest-vlan
Command:
dot1x guest-vlan <vlanid>
no dot1x guest-vlan
Function:
Set the guest-vlan of the specified port; the “no dot1x guest-vlan” command is used to delete the guest-vlan.
Parameters:
Command Mode:
Port Mode.
Default Settings:
There is no 802.1x guest-vlan function on the port.
User Guide:
The access device will add the port into Guest VLAN if there is no supplicant getting authenticated successfully in a
certain stretch of time because of lacking exclusive authentication supplicant system or the version of the supplicant
system being too low.
In Guest VLAN, users can get 802.1x supplicant system software, update supplicant system or update some other
applications (such as anti-virus software, the patches of operating system). When a user of a port within Guest VLAN
starts an authentication, the port will remain in Guest VLAN in the case of a failed authentication. If the authentication
finishes successfully, there are two possible results:
The authentication server assigns an Auto VLAN, causing the port to leave Guest VLAN to join the assigned
Auto VLAN. After the user gets offline, the port will be allocated back into the specified Guest VLAN.
The authentication server assigns an Auto VLAN, then the port leaves Guest VLAN and joins the specified
VLAN. When the user becomes offline, the port will be allocated to the specified Guest VLAN again.
Attention:
There can be different Guest VLAN set on different ports, while only one Guest VLAN is allowed on one port.
Only when the access control mode is portbased, the Guest VLAN can take effect. If the access control mode
of the port is macbased or userbased, the Guest VLAN can be successfully set without taking effect.
Examples:
Set Guest-VLAN of port Ethernet1/3 as VLAN 10.
Switch(Config-If-Ethernet1/3)#dot1xguest-vlan 10