Filter
Top Products
107
Enhancements
Release M.10.33 Enhancements
Enabling the Use of GVRP-Learned Dynamic VLANs in Authentication Sessions
Syntax: aaa port-access gvrp-vlans
Enables the use of dynamic VLANs (learned through GVRP)
in the temporary untagged VLAN assigned by a RADIUS
server on an authenticated port in an 802.1X, MAC, or Web
authentication session.
Enter the no form of this command to disable the use of GVRP-
learned VLANs in an authentication session.
For information on how to enable a switch to dynamically
create 802.1Q-compliant VLANs, refer to the “GVRP” chapter
in the Access Security Guide.
Notes:
1. If a port is assigned as a member of an untagged dynamic
VLAN, the dynamic VLAN configuration must exist at the
time of authentication and GVRP for port-access
authentication must be enabled on the switch.
If the dynamic VLAN does not exist or if you have not enabled
the use of a dynamic VLAN for authentication sessions on
the switch, the authentication fails.
Syntax: aaa port-access gvrp-vlans
—Continued—
2. After you enable dynamic VLAN assignment in an authen-
tication session, it is recommended that you use the interface
unknown-vlans command on a per-port basis to prevent
denial-of-service attacks. The interface unknown-vlans com-
mand allows you to:
• Disable the port from sending advertisements of existing
GVRP-created VLANs on the switch.
• Drop all GVRP advertisements received on the port.
For more information, refer to the “GVRP” chapter in the
Advanced Traffic Management Guide.