Guest vlan configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

1-13

[Switch-Ethernet1/0/1] quit

[Switch] port-security timer disableport 30

Guest VLAN Configuration Example

Network requirements

As shown in

Figure 1-2

, Ethernet 1/0/2 connects to a PC and a printer, which are not used at the same

time. Configure the port to operate in macAddressOrUserLoginSecure mode and specify a guest

VLAN for the port.

z

The PC must pass 802.1x authentication to connect to the network while the printer must pass

MAC address authentication to achieve network connectivity.

z

The switch’s port Ethernet 1/0/3 connects to the Internet. This port is assigned to VLAN 1. Normally,

the port Ethernet 1/0/2 is also assigned to VLAN.

z

VLAN 10 is intended to be a guest VLAN. It contains an update server for users to download and

upgrade their client software. When a user fails authentication, port Ethernet 1/0/2 is added to

VLAN 10. Then the user can access only VLAN 10. The port goes back to VLAN 1 when the user

passes authentication.

Figure 1-2 Network diagram for guest VLAN configuration

Configuration procedure

The following configuration steps include configurations of AAA and RADIUS. For details about these

commands, refer to AAA Command. The configurations on the 802.1x client and the RADIUS server

are omitted.

# Configure RADIUS scheme 2000.

<Switch> system-view