beautypg.com

8 dot1x ipv6 passthrough, 9 dot1x guest-vlan, X ipv – PLANET XGS3-24040 User Manual

Page 754: Passthrough, X guest, Vlan

background image

Commands for Security Function Chapter 2 Commands for 802.1x

42-26

42.8 dot1x ipv6 passthrough

Command: dot1x ipv6 passthrough

no dot1x ipv6 passthrough

Function: Enable IPv6 passthrough function on a switch port, only applicable when access control mode

is userbased; the no operation of this command will disable the function.

Command Mode: Port Configuration Mode.

Default Settings: IPv6 passthrough function is disabled on the switch by default.

Usage Guide: The function can only be enabled when 802.1x function is enabled both globally and on

the port, with userbased being the control access mode. After it is enabled, users can send IPv6

messages without authentication.

Examples: Enable IPv6 passthrough function on port Ethernet1/12.

Switch(config)#dot1x enable

Switch(config)#interface ethernet 1/12

Switch(Config-If-Ethernet1/12)#dot1x enable

Switch(Config-If-Ethernet1/12)#dot1x ipv6 passthrough

42.9 dot1x guest-vlan

Command: dot1x guest-vlan <vlanid>

no dot1x guest-vlan

Function: Set the guest-vlan of the specified port; the “no dot1x guest-vlan” command is used to delete

the guest-vlan.

Parameters: the specified VLAN id, ranging from 1 to 4094.

Command Mode: Port Mode.

Default Settings: There is no 802.1x guest-vlan function on the port.

User Guide: The access device will add the port into Guest VLAN if there is no supplicant getting

authenticated successfully in a certain stretch of time because of lacking exclusive authentication

supplicant system or the version of the supplicant system being too low.

In Guest VLAN, users can get 802.1x supplicant system software, update supplicant system or update

some other applications (such as anti-virus software, the patches of operating system). When a user of a

port within Guest VLAN starts an authentication, the port will remain in Guest VLAN in the case of a failed

authentication. If the authentication finishes successfully, there are two possible results:

The authentication server assigns an Auto VLAN, causing the port to leave Guest VLAN to join

the assigned Auto VLAN. After the user gets offline, the port will be allocated back into the

specified Guest VLAN.

The authentication server assigns an Auto VLAN, then the port leaves Guest VLAN and joins

the specified VLAN. When the user becomes offline, the port will be allocated to the specified

Guest VLAN again.

See also other documents in the category PLANET Routers: