No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring the Guest VLAN Function

(Optional) Configuring the Guest VLAN Function

Context

You can configure a guest VLAN on a device interface so that users can access some network resources without being authenticated. The user is added to the guest VLAN before being authenticated to access resources in the guest VLAN. However, the users still must be authenticated before accessing network resources outside the guest VLAN.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the guest VLAN function in the system or interface view.

    • In the system view:

    1. Run authentication guest-vlan vlan-id interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

      The guest VLAN to which the interface is added is configured.

    • In the interface view:

    1. Run interface interface-type interface-number

      The interface view is displayed.

    2. Run authentication guest-vlan vlan-id

      The guest VLAN to which the interface is added is configured.

    By default, an interface is not added to the guest VLAN.

    NOTE:
    • The guest VLAN function can take effect only in 802.1X and MAC address authentication.
    • A super VLAN cannot be configured as a guest VLAN.
    • When free IP subnets are configured, the guest VLAN function becomes invalid immediately.
    • The guest VLAN function takes effect only when a user sends untagged packets to the device.
    • Different interfaces can be configured with different guest VLANs. After a guest VLAN is configured on an interface, the guest VLAN cannot be deleted.
    • To make the VLAN authorization function take effect, the link type and access control mode of the authentication interface must meet the following requirements:
      • When the link type is hybrid in untagged mode, the access control mode can be based on the MAC address or interface.
      • When the link type is access or trunk, the access control mode can only be based on the interface.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 124426

Downloads: 59

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next