3com WX3000 User Manual
1-5
z
Guest VLANs are implemented in the mode of adding a port to a VLAN. For example, when
multiple users are connected to a port, if the first user fails in the authentication, the other users can
access only the contents of the Guest VLAN. The device will re-authenticate only the first user
accessing this port, and the other users cannot be authenticated again. Thus, if more than one
client is connected to a port, you cannot configure a Guest VLAN for this port.
z
After users that are connected to an existing port failed to pass authentication, the device adds the
port to the Guest VLAN. Therefore, the Guest VLAN can separate unauthenticated users on an
access port. When it comes to a trunk port or a hybrid port, if a packet itself has a VLAN tag and be
in the VLAN that the port allows to pass, the packet will be forwarded perfectly without the influence
of the Guest VLAN. That is, packets can be forwarded to the VLANs other than the Guest VLAN
through the trunk port and the hybrid port, even users fail to pass authentication.
Follow these steps to configure a Guest VLAN:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
interface-number
—
Configure the Guest VLAN for
the current port
the current port
mac-authentication
guest-vlan vlan-id
guest-vlan vlan-id
Required
By default, no Guest VLAN is
configured for a port by
default.
configured for a port by
default.
Return to system view
quit
—
Configure the interval at which
the device re-authenticates
users in Guest VLANs
the device re-authenticates
users in Guest VLANs
mac-authentication timer
guest-vlan-reauth interval
guest-vlan-reauth interval
Optional
By default, the device
re-authenticates the users in
Guest VLANs at the interval of
30 seconds by default.
re-authenticates the users in
Guest VLANs at the interval of
30 seconds by default.