ZyXEL Communications Plumbing Product metrogigabit switch User Manual
Chapter 18 Port Authentication
MGS3700-12C User’s Guide
199
18.2.2 Guest VLAN
When 802.1x port authentication is enabled on the Switch and its ports, clients
that do not have the correct credentials are blocked from using the port(s). You
can configure your Switch to have one VLAN that acts as a guest VLAN. If you
enable the guest VLAN (102 in the example) on a port (2 in the example), the
user (A in the example) that is not IEEE 802.1x capable or fails to enter the
correct username and password can still access the port, but traffic from the user
is forwarded to the guest VLAN. That is, unauthenticated users can have access to
limited network resources in the same guest VLAN, such as the Internet. The
that do not have the correct credentials are blocked from using the port(s). You
can configure your Switch to have one VLAN that acts as a guest VLAN. If you
enable the guest VLAN (102 in the example) on a port (2 in the example), the
user (A in the example) that is not IEEE 802.1x capable or fails to enter the
correct username and password can still access the port, but traffic from the user
is forwarded to the guest VLAN. That is, unauthenticated users can have access to
limited network resources in the same guest VLAN, such as the Internet. The
Max-Req
Specify the number of times the Switch tries to authenticate client(s)
before sending unresponsive ports to the Guest VLAN.
before sending unresponsive ports to the Guest VLAN.
This is set to 2 by default. That is, the Switch attempts to authenticate a
client twice. If the client does not respond to the first authentication
request, the Switch tries again. If the client still does not respond to the
second request, the Switch sends the client to the Guest VLAN. The
client needs to send a new request to be authenticated by the Switch
again.
client twice. If the client does not respond to the first authentication
request, the Switch tries again. If the client still does not respond to the
second request, the Switch sends the client to the Guest VLAN. The
client needs to send a new request to be authenticated by the Switch
again.
Reauth
Specify whether a subscriber has to periodically re-enter his or her
username and password to stay connected to the port.
username and password to stay connected to the port.
Reauth-period
Specify how often a client has to re-enter his or her username and
password to stay connected to the port.
password to stay connected to the port.
Quiet-period
Specify the number of seconds the port remains in the HELD state and
rejects further authentication requests from the connected client after a
failed authentication exchange.
rejects further authentication requests from the connected client after a
failed authentication exchange.
Tx-period
Specify the number of seconds the Switch waits for client’s response
before re-sending an identity request to the client.
before re-sending an identity request to the client.
Supp-Timeout
Specify the number of seconds the Switch waits for client’s response to a
challenge request before sending another request.
challenge request before sending another request.
Apply
Click Apply to save your changes to the Switch’s run-time memory. The
Switch loses these changes if it is turned off or loses power, so use the
Save link on the top navigation panel to save your changes to the non-
volatile memory when you are done configuring.
Switch loses these changes if it is turned off or loses power, so use the
Save link on the top navigation panel to save your changes to the non-
volatile memory when you are done configuring.
Cancel
Click Cancel to begin configuring this screen afresh.
Table 47 Advanced Application > Port Authentication > 802.1x (continued)
LABEL
DESCRIPTION