9 dot1x guest-vlan, X guest, Vlan – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

The function can only be enabled when 802.1x function is enabled both globally and on the port,

with userbased being the control access mode. After it is enabled, users can send IPv6 messages

without authentication.

Examples:

Enable IPv6 passthrough function on port Ethernet1/12.

Switch(config)#dot1x enable

Switch(config)#interface ethernet 1/12

Switch(Config-If-Ethernet1/12)#dot1x enable

Switch(Config-If-Ethernet1/12)#dot1x ipv6 passthrough

22.9 dot1x guest-vlan

Command:

dot1x guest-vlan <vlanid>

no dot1x guest-vlan

Function:

Set the guest-vlan of the specified port; the “no dot1x guest-vlan” command is used to delete the

guest-vlan.

Parameters:

<vlanid> the specified VLAN id, ranging from 1 to 4094.

Command Mode:

Port Mode.

Default Settings:

There is no 802.1x guest-vlan function on the port.

User Guide: User Guide:

The access device will add the port into Guest VLAN if there is no supplicant getting authenticated

successfully in a certain stretch of time because of lacking exclusive authentication supplicant

system or the version of the supplicant system being too low.

In Guest VLAN, users can get 802.1x supplicant system software, update supplicant system or

update some other applications (such as anti-virus software, the patches of operating system).

When a user of a port within Guest VLAN starts an authentication, the port will remain in Guest

VLAN in the case of a failed authentication. If the authentication finishes successfully, there are two

possible results:



The authentication server assigns an Auto VLAN, causing the port to leave Guest VLAN to join

the assigned Auto VLAN. After the user gets offline, the port will be allocated back into the

specified Guest VLAN.