DES-3010F/DES-3010FL/DES-3010G/DES-3016/DES-3018/DES-3026 Fast Ethernet Switch Manual
151
Guest VLANs
Figure 10- 16. Guest VLAN Authentication Process
Limitations Using the Guest VLAN
1. Ports supporting Guest VLANs cannot be GVRP enabled and vice versa.
2. A port cannot be a member of a Guest VLAN and a static VLAN simultaneously.
3. Once a client has been accepted into the target VLAN, it can no longer access the Guest VLAN.
4. If a port is a member of multiple VLANs, it cannot become a member of the Guest VLAN.
On 802.1X security enabled networks, there is a need
for non 802.1X supported devices to gain limited
access to the network, due to lack of the proper
802.1X software or incompatible devices, such as
computers running Windows 98 or lower operating
systems, or the need for guests to gain access to the
network without full authorization or local
authentication on the Switch. To supplement these
circumstances, this switch now implements 802.1X
Guest VLANs. These VLANs should have limited
access rights and features separate from other VLANs
on the network.
To implement 802.1X Guest VLANs, the user must
first create a VLAN on the network with limited rights
and then enable it as an 802.1X guest VLAN. Then
the administrator must configure the guest accounts
accessing the Switch to be placed in a Guest VLAN
when trying to access the Switch. Upon initial entry to
the Switch, the client wishing services on the Switch
will need to be authenticated by a remote RADIUS
Server or local authentication on the Switch to be
placed in a fully operational VLAN. If authenticated
and the authenticator possesses the VLAN placement
information, that client will be accepted into the fully
operational target VLAN and normal switch functions
will be open to the client. If the authenticator does not
have target VLAN placement information, the client
will be returned to its originating VLAN. Yet, if the
client is denied authentication by the authenticator, it
will be placed in the Guest VLAN where it has limited
rights and access. The adjacent figure should give the
user a better understanding of the Guest VLAN
process.