mac-authentication guest-vlan

Syntax

mac-authentication guest-vlan guest-vlan-id

undo mac-authentication guest-vlan

View

Ethernet interface view

Default level

2: System level

Parameters

guest-vlan-id: Specifies a VLAN as the MAC authentication guest VLAN. The value range is from 1 to 4094. Make sure that the VLAN has been created.

Description

Use mac-authentication guest-vlan to specify a MAC authentication guest VLAN on a port. Any users that have failed MAC authentication on the port is assigned to this VLAN, so they can access a limited set of network resources, such as a software server, to download anti-virus software, and system patches. After a user in the guest VLAN passes MAC authentication, it is removed from the guest VLAN and can access all authorized network resources.

Use undo mac-authentication guest-vlan to remove the MAC authentication guest VLAN from the port.

By default, no MAC authentication guest VLAN is configured on a port.

To use the MAC authentication guest VLAN function on a port, you must enable MAC-based VLAN on the port, in addition to enabling MAC authentication both globally and on the port.

To delete a VLAN that has been set as a MAC authentication guest VLAN, remove the guest VLAN configuration first.

Related commands: mac-authentication; mac-vlan enable (the Layer 2LAN Switching Command Reference).

Examples

# Configure VLAN 5 as the MAC authentication guest VLAN on port Ethernet 1/0/1.

<Sysname> system-view
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] mac-authentication guest-vlan 5