Alcatel Carrier Internetworking Solutions 7700 Switch User Manual


 
show 802.1x non-supp User Documentation Addendum
page 1-18 Release 5.1.6.R02 User Guide Supplement June 2005
Once a non-802.1x supplicant is learned on a guest VLAN, it is no longer eligible for Group Mobility
classification and assignment.
If a non-802.1x supplicant device becomes 802.1x capable when it is a member of a guest VLAN, upon
authentication the device is automatically moved from the guest VLAN to the appropriate 802.1x specified
VLAN. Disconnecting the device from the 802.1x port is not required in this scenario.
If an authenticated 802.1x supplicant becomes non-802.1x capable, the device is moved to an existing
guest VLAN after the device is rebooted.
By default a guest VLAN is not configured on an 802.1x port. For information about how to configure a
guest VLAN, see “Configuring a Guest VLAN” on page 1-14. For information about how to set the
number of times an unknown device is polled for identification, see “Configuring the Supplicant Polling
Retry Count” on page 1-15.
New Section, page 21-10
The following section should be added to page 21-10:
Configuring a Guest VLAN
To configure a guest VLAN for an 802.1x port, use the 802.1x guest-vlan command with the relevant
slot/port number and specify an existing VLAN ID. For example:
-> 802.1x 3/1 guest-vlan 5
This command associates guest VLAN 5 with 802.1x port 3/1. When a non-802.1x supplicant is identified
on this port, the source MAC address of the supplicant is learned in VLAN 5. This MAC address is then
aged according to the aging timer value for VLAN 5.
To remove a guest VLAN from an 802.1x port, use the disable option with the 802.1x guest-vlan
command. Note that it is not necessary to specify the guest VLAN ID with this command. For example:
-> 802.1x 3/1 guest-vlan disable
Note the following when configuring a guest VLAN:
The guest VLAN option is only available for 802.1x ports operating in the auto mode.
Only one VLAN is allowed per 802.1x port. If a client successfully authenticates on the port, all guest
VLAN users are dropped.
The VLAN ID specified must already exist in the switch configuration. Use the vlan command to
create a VLAN before configuring it as an 802.1x guest VLAN.
If a guest VLAN is already configured for the specified 802.1x port when the 802.1x guest-vlan
command is used, the existing VLAN ID is overwritten with the new value.
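An added example (not part of the Alcatel manual or the switch software): a short Python replay of a command list that applies two of the notes above, namely that the guest VLAN must already exist and that a later 802.1x guest-vlan command overwrites the earlier value. The `vlan <id>` command form, the choice to model a missing VLAN as a rejected command, and the sample commands are assumptions.

```python
import re

# Constructed sample command sequence (not captured from a real switch).
SAMPLE = """\
vlan 5
vlan 9
802.1x 3/1 guest-vlan 5
802.1x 3/1 guest-vlan 9
802.1x 3/2 guest-vlan 7
802.1x 3/3 guest-vlan 5
802.1x 3/3 guest-vlan disable
"""

# Assumed syntax "vlan <id>"; the page names the vlan command but not its form.
VLAN_RE = re.compile(r"^(?:->\s*)?vlan\s+(\d+)\b")
GUEST_RE = re.compile(
    r"^(?:->\s*)?802\.1x\s+(\d+/\d+)\s+guest-vlan\s+(\d+|disable)\s*$")

def replay_guest_vlans(text):
    """Replay commands in order; return ({port: guest VLAN}, findings)."""
    vlans, guest, findings = set(), {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := VLAN_RE.match(line):
            vlans.add(int(m.group(1)))
        elif m := GUEST_RE.match(line):
            port, arg = m.groups()
            if arg == "disable":          # no VLAN ID needed to remove
                guest.pop(port, None)
                continue
            vid = int(arg)
            if vid not in vlans:          # assumption: modelled as rejected
                findings.append((n, port, f"VLAN {vid} does not exist"))
                continue
            if port in guest and guest[port] != vid:
                findings.append(
                    (n, port, f"guest VLAN {guest[port]} overwritten with {vid}"))
            guest[port] = vid
    return guest, findings

if __name__ == "__main__":
    final, notes = replay_guest_vlans(SAMPLE)
    print("guest VLAN per port:", final)
    for n, port, msg in notes:
        print(f"line {n}: port {port}: {msg}")
```

The resulting port-to-VLAN map lists every port where an unauthenticated device can be learned and into which VLAN, which is the view to compare against the intended access policy.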
Configuring the Supplicant Polling Retry Count
To configure the number of times the switch polls an unknown device connected to an 802.1x port, use the
802.1x supp-polling retry command. For example:
-> 802.1x 3/1 supp-polling retry 10
If after the number of polling attempts specified the device has not responded with EAP frames, then the
device is learned as a non-802.1x supplicant in a guest VLAN. If a guest VLAN was not configured for the