Dot1x guest-vlan – Dell POWEREDGE M1000E User Manual

Page 163

Advertising
background image

2-133

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Command Reference

OL-13271-03

Chapter 2 Cisco Catalyst Blade Switch 3130 and 3032 for Dell Cisco IOS Commands

dot1x guest-vlan

dot1x guest-vlan

Use the dot1x guest-vlan interface configuration command on the switch stack or on a standalone switch
to specify an active VLAN as an IEEE 802.1x guest VLAN. Use the no form of this command to return
to the default setting.

dot1x guest-vlan vlan-id

no dot1x guest-vlan

Syntax Description

Defaults

No guest VLAN is configured.

Command Modes

Interface configuration

Command History

Usage Guidelines

You can configure a guest VLAN on one of these switch ports:

A static-access port that belongs to a nonprivate VLAN.

A private-VLAN port that belongs to a secondary private VLAN. All the hosts connected to the
switch port are assigned to private VLANs, whether or not the posture validation was successful.
The switch determines the primary private VLAN by using the primary- and
secondary-private-VLAN associations on the switch.

For each IEEE 802.1x port on the switch, you can configure a guest VLAN to provide limited services
to clients (a device or workstation connected to the switch) not running IEEE 802.1x authentication.
These users might be upgrading their systems for IEEE 802.1x authentication, and some hosts, such as
Windows 98 systems, might not be IEEE 802.1x-capable.

When you enable a guest VLAN on an IEEE 802.1x port, the switch assigns clients to a guest VLAN
when it does not receive a response to its Extensible Authentication Protocol over LAN (EAPOL)
request/identity frame or when EAPOL packets are not sent by the client.

The switch maintains the EAPOL packet history. If another EAPOL packet is detected on the interface
during the lifetime of the link, the guest VLAN feature is disabled. If the port is already in the guest
VLAN state, the port returns to the unauthorized state, and authentication restarts. The EAPOL history
is reset upon loss of link.

To allow clients that failed authentication access to the network, you can use a restricted VLAN by
entering the dot1x auth-fail vlan vlan-id interface configuration command.

vlan-id

Specify an active VLAN as an IEEE 802.1x guest VLAN. The range is 1
to 4094.

Release

Modification

12.2(40)EX1

This command was introduced.

Advertising
Popular Brands
Popular manuals