3com 8807 사용자 가이드

VLAN when the maximum number of re-authentications is reached. Users in a 
Guest VLAN can utilize resources in the Guest VLAN without undergoing the 
802.1x authentication, but they can utilize the resources outside the Guest VLAN 
only when they have passed the 802.1x authentication. In this way, 
unauthenticated users can still perform operations such as accessing some 
resources with the 802.1x client not installed, and upgrading 802.1x client.

Perform the following configuration in system view or Ethernet interface view.

Note that:

■

Guest VLAN is only supported when the switch performs port-based 
authentication.

■

A switch can have only one Guest VLAN.

■

Users who are not authenticated, fail to be authenticated, or are offline are all 
members of the Guest VLAN.

■

Guest VLANs can only be configured on Access ports.

■

You must use an existing VLAN ID, and the corresponding VLAN cannot be a 
Super VLAN isolate-user-vlan.

■

You must perform corresponding configuration manually to isolate the Guest 
VLAN from other VLAN interfaces.

The following commands are used for setting the maximum retransmission times 
of the authentication request message that the switch sends to the supplicant.

Perform the following configuration in system view.

By default, the max-retry-value is 2. That is, the switch can retransmit the 
authentication request message to a supplicant for 2 times at most.

The following commands are used for configuring the 802.1x timers.

Perform the following configuration in system view.

Table 191   Configure Guest VLAN

Enable Guest VLAN 

dot1x guest-vlan vlan-id [ interface 
interface-list ] 

Disable Guest VLAN 

undo dot1x guest-vlan vlan-id [ interface 
interface-list ]

Table 192   Set the maximum times of the authentication request message retransmission

Set the maximum times of the authentication 
request message retransmission 

dot1x retry max-retry-value 

Restore the default maximum retransmission 
times