3com 8807 사용자 가이드
802.1x Configuration
227
VLAN when the maximum number of re-authentications is reached. Users in a
Guest VLAN can utilize resources in the Guest VLAN without undergoing the
802.1x authentication, but they can utilize the resources outside the Guest VLAN
only when they have passed the 802.1x authentication. In this way,
unauthenticated users can still perform operations such as accessing some
resources with the 802.1x client not installed, and upgrading 802.1x client.
Guest VLAN can utilize resources in the Guest VLAN without undergoing the
802.1x authentication, but they can utilize the resources outside the Guest VLAN
only when they have passed the 802.1x authentication. In this way,
unauthenticated users can still perform operations such as accessing some
resources with the 802.1x client not installed, and upgrading 802.1x client.
Perform the following configuration in system view or Ethernet interface view.
Note that:
■
Guest VLAN is only supported when the switch performs port-based
authentication.
authentication.
■
A switch can have only one Guest VLAN.
■
Users who are not authenticated, fail to be authenticated, or are offline are all
members of the Guest VLAN.
members of the Guest VLAN.
■
Guest VLANs can only be configured on Access ports.
■
You must use an existing VLAN ID, and the corresponding VLAN cannot be a
Super VLAN isolate-user-vlan.
Super VLAN isolate-user-vlan.
■
You must perform corresponding configuration manually to isolate the Guest
VLAN from other VLAN interfaces.
VLAN from other VLAN interfaces.
Setting the Maximum
times of authentication
request message
retransmission
The following commands are used for setting the maximum retransmission times
of the authentication request message that the switch sends to the supplicant.
of the authentication request message that the switch sends to the supplicant.
Perform the following configuration in system view.
By default, the max-retry-value is 2. That is, the switch can retransmit the
authentication request message to a supplicant for 2 times at most.
authentication request message to a supplicant for 2 times at most.
Configuring 802.1x
Timers
The following commands are used for configuring the 802.1x timers.
Perform the following configuration in system view.
Table 191 Configure Guest VLAN
Operation
Command
Enable Guest VLAN
dot1x guest-vlan vlan-id [ interface
interface-list ]
interface-list ]
Disable Guest VLAN
undo dot1x guest-vlan vlan-id [ interface
interface-list ]
interface-list ]
Table 192 Set the maximum times of the authentication request message retransmission
Operation
Command
Set the maximum times of the authentication
request message retransmission
request message retransmission
dot1x retry max-retry-value
Restore the default maximum retransmission
times
times
undo dot1x retry