D-Link DGS-3130 Emulator - Page 587
Network Access Authentication Commands
View all D-Link DGS-3130 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 587 highlights
DGS-3130 Layer 3 Stackable Managed Switch CLI Reference Guide 55. Network Access Authentication Commands 55-1 authentication guest-vlan This command is used to configure the guest VLAN setting. Use the no form of this command to remove the guest VLAN. authentication guest-vlan VLAN-ID no authentication guest-vlan Parameters VLAN-ID Specifies the authentication guest VLAN. Default None. Command Mode Interface Configuration Mode. Command Default Level Level: 12. Usage Guideline This command cannot be configured if the specified VLAN does not exist as a static VLAN. The host cannot access the network until it passes the authentication. If the guest VLAN is configured, the host is allowed to access the guest VLAN only without passing the authentication. During authentication, if the RADIUS server assigns a VLAN to the user, then the user will be authorized to this assigned VLAN. Guest VLAN and VLAN assignment does not take effect on trunk VLAN port and VLAN tunnel port. Normally guest VLAN and VLAN assignment are functioning for hosts that connect to untagged ports. It may cause unexpected behavior if it is functioning on hosts that send tagged packets. If the authentication host-mode is set to multi-host, the port will be added as a guest VLAN member port and the PVID of the port will change to guest VLAN. Traffic that comes from guest VLAN can be forward whatever whether authenticated. Traffic that comes from other VLANs will still be dropped until it pass authentication. When one host passes authentication, the port will leave the guest VLAN and be added to the assigned VLAN. The PVID of the port will be changed to the assigned VLAN. If the authentication host-mode is set to multi-auth, the port will be added as a guest VLAN member port and the PVID of the port will be changed to a guest VLAN. Hosts that are allowed to access the guest VLAN are forbidden to access other VLANs until it pass authentication. When one host passes authentication, the port will stay in the guest VLAN, the PVID of the port will not be changed. If guest VLAN is disabled, the port will exit the guest VLAN and return to the native VLAN. The PVID will change to the native VLAN. Example This example shows how to specify VLAN 5 as a guest VLAN. Switch# configure terminal Switch(config)# interface ethernet 1/0/1 Switch(config-if)# authentication guest-vlan 5 Switch(config-if)# 583