Configuration procedure, Configuring an auth-fail vlan, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual

1-18

z

To configure a port-based guest VLAN, make sure that the port access control method is

portbased, and the 802.1X multicast trigger function is enabled.

Configuration procedure

Follow these steps to configure a guest VLAN:

To do…

Use the command…

Remarks

Enter system view

system-view

—

In system
view

dot1x guest-vlan guest-vlan-id
[ interface interface-list ]

interface interface-type
interface-number

Configure the
guest VLAN
for one or
more ports

In Ethernet
interface view

dot1x guest-vlan guest-vlan-id

Required

Use either approach.

By default, a port is configured
with no guest VLAN.

Different ports can be configured with different guest VLANs, but a port can be configured with only one

guest VLAN.

Configuring an Auth-Fail VLAN

If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and guest VLAN

functions are configured on the access port, you are recommended to configure different VLAN IDs for

the voice VLAN, default VLAN of the port, and 802.1X guest VLAN. This is to ensure the normal use of

the functions.

Configuration prerequisites

z

Create the VLAN to be specified as the Auth-Fail VLAN.

z

To configure a port-based Auth-Fail VLAN, make sure that the port access control method is

portbased, and the 802.1X multicast trigger function is enabled.

Configuration procedure

Follow these steps to configure an Auth-Fail VLAN:

To do…

Use the command…

Remarks

Enter system view

system-view

—