Технические ссылки для Cisco Cisco Gigabit Ethernet Switch Module (CGESM) for HP
2-74
Cisco Gigabit Ethernet Switch Module for the HP p-Class BladeSystem Command Reference Guide
380265-002
Chapter 2 CGESM Switch Cisco IOS Commands
dot1x guest-vlan
Entering the dot1x guest-vlan supplicant global configuration command disables this behavior.
Any number of non-IEEE 802.1x-capable clients are allowed access when the switch port is moved to
the guest VLAN. If an IEEE 802.1x-capable client joins the same port on which the guest VLAN is
configured, the port is put into the unauthorized state in the user-configured access VLAN, and
authentication is restarted.
the guest VLAN. If an IEEE 802.1x-capable client joins the same port on which the guest VLAN is
configured, the port is put into the unauthorized state in the user-configured access VLAN, and
authentication is restarted.
Guest VLANs are supported on IEEE 802.1x ports in single-host or multiple-hosts mode.
You can configure any active VLAN except an Remote Switched Port Analyzer (RSPAN) VLAN or a
voice VLAN as an IEEE 802.1x guest VLAN. The guest VLAN feature is not supported on trunk ports;
it is supported only on access ports.
voice VLAN as an IEEE 802.1x guest VLAN. The guest VLAN feature is not supported on trunk ports;
it is supported only on access ports.
After you configure a guest VLAN for an IEEE 802.1x port to which a DHCP client is connected, you
might need to get a host IP address from a DHCP server. You can change the settings for restarting the
IEEE 802.1x authentication process on the switch before the DHCP process on the client times out and
tries to get a host IP address from the DHCP server. Decrease the settings for the IEEE 802.1x
authentication process (dot1x timeout quiet-period and dot1x timeout tx-period interface
configuration commands). The amount to decrease the settings depends on the connected IEEE 802.1x
client type.
might need to get a host IP address from a DHCP server. You can change the settings for restarting the
IEEE 802.1x authentication process on the switch before the DHCP process on the client times out and
tries to get a host IP address from the DHCP server. Decrease the settings for the IEEE 802.1x
authentication process (dot1x timeout quiet-period and dot1x timeout tx-period interface
configuration commands). The amount to decrease the settings depends on the connected IEEE 802.1x
client type.
Examples
This example shows how to specify VLAN 5 as an IEEE 802.1x guest VLAN:
Switch(config-if)# dot1x guest-vlan 5
This example shows how to set 3 as the quiet time on the switch, to set 15 as the number of seconds that
the switch waits for a response to an EAP-request/identity frame from the client before resending the
request, and to enable VLAN 2 as an IEEE 802.1x guest VLAN when an IEEE 802.1x port is connected
to a DHCP client:
the switch waits for a response to an EAP-request/identity frame from the client before resending the
request, and to enable VLAN 2 as an IEEE 802.1x guest VLAN when an IEEE 802.1x port is connected
to a DHCP client:
Switch(config-if)# dot1x timeout quiet-period 3
Switch(config-if)# dot1x timeout tx-period 15
Switch(config-if)# dot1x guest-vlan 2
This example shows how to enable the optional guest VLAN behavior and to specify VLAN 5 as an
IEEE 802.1x guest VLAN:
IEEE 802.1x guest VLAN:
Switch(config)# dot1x guest-vlan supplicant
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# dot1x guest-vlan 5
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC
command.
command.
Related Commands
Command
Description
Enables the optional guest VLAN supplicant feature.
[interface interface-id]
Displays IEEE 802.1x status for the specified port.