9 dot1x guest-vlan, X guest, Vlan – PLANET WGSW-52040 User Manual

39-173

39.9 dot1x guest-vlan

Command:

dot1x guest-vlan <vlanid>

no dot1x guest-vlan

Function:

Set the guest-vlan of the specified port; the “no dot1x guest-vlan” command is used to delete the guest-vlan.

Parameters:

<vlanid> the specified VLAN id, ranging from 1 to 4094.

Command Mode:

Port Mode.

Default Settings:

There is no 802.1x guest-vlan function on the port.

User Guide:

The access device will add the port into Guest VLAN if there is no supplicant getting authenticated successfully in a

certain stretch of time because of lacking exclusive authentication supplicant system or the version of the supplicant

system being too low.

In Guest VLAN, users can get 802.1x supplicant system software, update supplicant system or update some other

applications (such as anti-virus software, the patches of operating system). When a user of a port within Guest VLAN

starts an authentication, the port will remain in Guest VLAN in the case of a failed authentication. If the authentication

finishes successfully, there are two possible results:



The authentication server assigns an Auto VLAN, causing the port to leave Guest VLAN to join the assigned

Auto VLAN. After the user gets offline, the port will be allocated back into the specified Guest VLAN.



The authentication server assigns an Auto VLAN, then the port leaves Guest VLAN and joins the specified

VLAN. When the user becomes offline, the port will be allocated to the specified Guest VLAN again.

Attention:



There can be different Guest VLAN set on different ports, while only one Guest VLAN is allowed on one port.



Only when the access control mode is portbased, the Guest VLAN can take effect. If the access control mode

of the port is macbased or userbased, the Guest VLAN can be successfully set without taking effect.

Examples：

Set Guest-VLAN of port Ethernet1/3 as VLAN 10.

Switch(Config-If-Ethernet1/3)#dot1xguest-vlan 10