Network-access dynamic-vlan, Network-access guest-vlan – LevelOne FGL-2870 User Manual

Command Line Interface

4-166

4

network-access dynamic-vlan

Use this command to enable dynamic VLAN assignment for an authenticated port.
Use the no form to disable dynamic VLAN assignment.

Syntax

[no] network-access dynamic-vlan

Default Setting

Enabled

Command Mode

Interface Configuration

Command Usage

• When enabled, the VLAN identifiers returned by the RADIUS server will be

applied to the port, providing the VLANs have already been created on the
switch. GVRP is not used to create the VLANs.

• The VLAN settings specified by the first authenticated MAC address are

implemented for a port. Other authenticated MAC addresses on the port must
have the same VLAN configuration, or they are treated as authentication
failures.

• If dynamic VLAN assignment is enabled on a port and the RADIUS server

returns no VLAN configuration, the authentication is still treated as a success.

• When the dynamic VLAN assignment status is changed on a port, all

authenticated addresses are cleared from the secure MAC address table.

Example

The following example enables dynamic VLAN assignment on port 1.

network-access guest-vlan

Use this command to assign all traffic on a port to a guest VLAN when network
access (MAC authentication) or 802.1X authentication is rejected. Use the no form
of this command to disable guest VLAN assignment.

Syntax

network-access guest-vlan vlan-id
no network-access guest-vlan

vlan-id - VLAN ID (Range: 1-4094)

Default Setting

Disabled

Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#