Checking the client version, The guest vlan function – H3C Technologies H3C WX3000 Series Unified Switches User Manual

23-10

z

Whether or not a supplicant system logs in through more than one network adapters (that is,
whether or not more than one network adapters are active in a supplicant system when the
supplicant system logs in).

In response to any of the three cases, the device can optionally take the following measures:

z

Only disconnects the supplicant system but sends no Trap packets.

z

Sends Trap packets without disconnecting the supplicant system.

This function needs the cooperation of 802.1x client and a CAMS server.

z

The 802.1x client needs to capable of detecting multiple network adapters, proxies, and IE proxies.

z

The CAMS server is configured to disable the use of multiple network adapters, proxies, or IE
proxies.

By default, an 802.1x client program allows use of multiple network adapters, proxies, and IE proxies. In
this case, if the CAMS server is configured to disable use of multiple network adapters, proxies, or IE
proxies, it prompts the 802.1x client to disable use of multiple network adapters, proxies, or IE proxies
through messages after the supplicant system passes the authentication.

z

The client-checking function needs the support of H3C’s 802.1x client program.

z

To implement the proxy detecting function, you need to enable the function on both the 802.1x
client program and the CAMS server in addition to enabling the client version checking function on
the device by using the dot1x version-check command.

Checking the client version

With the 802.1x client version-checking function enabled, the device checks the version and validity of
an 802.1x client to prevent unauthorized users or users with earlier versions of 802.1x client from
logging in.

This function makes the device to send version-requesting packets again if the 802.1x client fails to
send version-reply packet to the device when the version-checking timer times out.

The 802.1x client version-checking function needs the support of an 802.1x client program.

The Guest VLAN function

The Guest VLAN function enables supplicant systems that are not authenticated to access network
resources in a restrained way.

The Guest VLAN function enables supplicant systems that do not have 802.1x client installed to access
specific network resources. It also enables supplicant systems that are not authenticated to upgrade
their 802.1x client programs.

With this function enabled: