Configuring a guest vlan – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 287
29-4
Task
Remarks
Optional
Configuring the Maximum Number of MAC Address Authentication Users
Allowed to Access a Port
Optional
Configuring a Guest VLAN
Different from Guest VLANs described in the 802.1x and System-Guard manual, Guest VLANs
mentioned in this section refer to Guests VLANs dedicated to MAC address authentication.
After completing configuration tasks in
Configuring Basic MAC Authentication Functions
the device can authenticate access users according to their MAC addresses or according to fixed
usernames and passwords. The device will not learn MAC addresses of the clients failing in the
authentication into its local MAC address table, thus prevent illegal users from accessing the network.
In some cases, if the clients failing in the authentication are required to access some restricted
resources in the network (such as the virus library update server), you can use the Guest VLAN.
You can configure a Guest VLAN for each port of the device. When a client connected to a port fails in
MAC address authentication, this port will be added into the Guest VLAN automatically. The MAC
address of this client will also be learned into the MAC address table of the Guest VLAN, and thus the
user can access the network resources of the Guest VLAN.
After a port is added to a Guest VLAN, the device will re-authenticate the first access user of this port
(namely, the first user whose unicast MAC address is learned by the device) periodically. If this user
passes the re-authentication, this port will exit the Guest VLAN, and thus the user can access the
network normally.