1-8
Examples
# Enable port security.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] port-security enable
Notice: The port-control of 802.1x will be restricted to auto when port-security is enabled.
Please wait... Done.
port-security guest-vlan
Syntax
port-security guest-vlan vlan-id
undo port-security guest-vlan
View
Ethernet port view
Parameters
vlan-id
: Specifies a guest VLAN by its VLAN ID in the range of 1 to 4094. The VLAN must already exist.
Description
Use the
port-security guest-vlan
command to specify an existing VLAN as the guest VLAN of a port.
Use the
undo port-security guest-vlan
command to remove the guest VLAN configuration.
By default, no guest VLAN is specified for a port.
Note that:
z
Only an existing VLAN can be specified as a guest VLAN. Make sure the guest VLAN of the port
contain the resources that the users need.
z
If one user of the port has passed or is undergoing authentication, you cannot specify a guest
VLAN for it.
z
When a user using a port with a guest VLAN specified fail the authentication, the port is added to
the guest VLAN and users of the port can access only the resources in the guest VLAN.
z
Multiple users may connect to one port in the
macAddressOrUserLoginSecure
mode for
authentication; however, after a guest VLAN is specified, a maximum of one user can pass the
security authentication. In this case, the authentication client software of the other 802.1x users
displays messages about the failure; MAC address authentication does not have any client
software and therefore no such messages will be displayed.
z
To change the security mode from
macAddressOrUserLoginSecure
mode of a port that is
assigned to a guest VLAN, execute the
undo port-security guest-vlan
command first to remove
the guest VLAN configuration.
z
For a port configured with both the
port-security guest-vlan
and
port-security intrusion-mode
disableport
commands, when authentication of a user fails, only the intrusion detection feature is
triggered. The port is not added to the specified guest VLAN.
z
It is not recommended to configure the
port-security guest-vlan
and
port-security
intrusion-mode blockmac
commands simultaneously for a port. Because when the
Summary of Contents for 5500-EI PWR
Page 43: ...2 6...
Page 76: ...1 17...
Page 228: ...ii stp transmit limit 1 44 vlan mapping modulo 1 45 vlan vpn tunnel 1 46...
Page 477: ...5 24 Sysname vlan 2 Sysname vlan2 service type multicast...
Page 503: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23...
Page 519: ...iii...
Page 597: ...2 2 security policy server 192 168 0 1 user name format without domain...
Page 648: ...1 9 Examples Clear static ARP entries Sysname reset arp static...
Page 663: ...4 3 Sysname resilient arp interface vlan interface 2...
Page 767: ...1 28 From 12 00 Jan 1 2008 to 12 00 Jun 1 2008...
Page 1111: ...ii xmodem get 3 18...
Page 1314: ...A 44 Z...