mac-authentication guest-vlan
Syntax
mac-authentication guest-vlan guest-vlan-id
undo mac-authentication guest-vlan
View
Ethernet interface view
Default level
2: System level
Parameters
guest-vlan-id: Specifies a VLAN as the MAC authentication guest VLAN. The value range is from 1 to 4094. Make sure that the VLAN has been created.
Description
Use mac-authentication guest-vlan to specify a MAC authentication guest VLAN on a port. Any users that have failed MAC authentication on the port is assigned to this VLAN, so they can access a limited set of network resources, such as a software server, to download anti-virus software, and system patches. After a user in the guest VLAN passes MAC authentication, it is removed from the guest VLAN and can access all authorized network resources.
Use undo mac-authentication guest-vlan to remove the MAC authentication guest VLAN from the port.
By default, no MAC authentication guest VLAN is configured on a port.
To use the MAC authentication guest VLAN function on a port, you must enable MAC-based VLAN on the port, in addition to enabling MAC authentication both globally and on the port.
To delete a VLAN that has been set as a MAC authentication guest VLAN, remove the guest VLAN configuration first.
Related commands: mac-authentication; mac-vlan enable (the Layer 2—LAN Switching Command Reference).
Examples
# Configure VLAN 5 as the MAC authentication guest VLAN on port Ethernet 1/0/1.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] mac-authentication guest-vlan 5