Configuring an 802.1X guest VLAN
Restrictions and guidelines
You can configure only one 802.1X guest VLAN on a port. The 802.1X guest VLANs on different ports can be different.
Assign different IDs to the port VLAN, the voice VLAN, and the 802.1X guest VLAN on a port. Using distinct IDs ensures that the port can correctly process incoming VLAN-tagged traffic.
When you configure multiple security features on a port, follow the guidelines in Table 9.
Table 9: Relationships of the 802.1X guest VLAN and other security features

| Feature | Relationship description | Reference |
|---|---|---|
| Super VLAN | You cannot specify a VLAN as both a super VLAN and an 802.1X guest VLAN. | See Layer 2—LAN Switching Configuration Guide. |
| 802.1X Auth-Fail VLAN on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN has a higher priority than the 802.1X guest VLAN. | See "802.1X VLAN manipulation." |
| Port intrusion protection actions on a port that performs MAC-based access control | The 802.1X guest VLAN feature has higher priority than the block MAC action. The 802.1X guest VLAN feature has lower priority than the shutdown port action of the port intrusion protection feature. | See "Configuring port security." |
Prerequisites
Before you configure an 802.1X guest VLAN, complete the following tasks:
- Create the VLAN to be specified as the 802.1X guest VLAN.
- If the 802.1X-enabled port performs MAC-based access control, perform the following operations for the port:
  - Configure the port as a hybrid port.
  - Enable MAC-based VLAN on the port. For more information about MAC-based VLANs, see Layer 2—LAN Switching Configuration Guide.
  - Assign the port to the 802.1X guest VLAN as an untagged member.
Procedure
1. Enter system view.
   system-view
2. Enter interface view.
   interface interface-type interface-number
3. Configure the 802.1X guest VLAN on the port.
   dot1x guest-vlan guest-vlan-id
   By default, no 802.1X guest VLAN exists on a port.
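
The prerequisites and the procedure above, combined into one session for a port that performs MAC-based access control. This is an added example, not part of the original guide. It assumes VLAN 10, port GigabitEthernet1/0/1, and the device name Device (all constructed values), and that 802.1X is already enabled globally and on the port.

```comware
# Constructed values: VLAN 10, GigabitEthernet1/0/1, device name "Device".
# VLAN 10 must differ from the port VLAN and the voice VLAN on this port,
# and must not be a super VLAN.

# Create the VLAN that will serve as the 802.1X guest VLAN.
<Device> system-view
[Device] vlan 10
[Device-vlan10] quit

# Prerequisites for MAC-based access control: make the port a hybrid port,
# enable MAC-based VLAN, and add the port to the guest VLAN as an
# untagged member.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] port link-type hybrid
[Device-GigabitEthernet1/0/1] mac-vlan enable
[Device-GigabitEthernet1/0/1] port hybrid vlan 10 untagged

# Configure VLAN 10 as the 802.1X guest VLAN on the port.
[Device-GigabitEthernet1/0/1] dot1x guest-vlan 10
[Device-GigabitEthernet1/0/1] quit

# Check the 802.1X settings on the port, including the guest VLAN.
[Device] display dot1x interface gigabitethernet 1/0/1
```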