Enables the guest VLAN on the specified 802.1X network login ports.
all | Specifies all ports included in the guest VLAN. |
ports | Specifies one or more ports or slots and ports on which the guest VLAN is enabled. |
Disabled.
A guest VLAN provides limited or restricted network access if a supplicant connected to a port does not respond to the 802.1X authentication requests from the switch. A port always moves untagged into the guest VLAN.
By default, the switch attempts to authenticate the supplicant every 30 seconds for a maximum of three tries. If the supplicant does not respond to the authentication requests, the client moves to the guest VLAN. The number of authentication attempts is a user-configured parameter with allowed values in the range of 1 to 10.
To modify the supplicant response timer, use the following command and specify the supp-resp-timeout parameter:
configure netlogin dot1x timers [{server-timeout server_timeout} {quiet-periodquiet_period} {reauth-periodreauth_period {reauth-maxmax_num_reauths}} {supp-resp-timeoutsupp_resp_timeout}]Before you can enable the guest VLAN on the specified ports, you must create the guest VLAN. To create the guest VLAN, use the following command:
configure netlogin dot1x guest-vlan vlan_name {portsport_list}The following command enables the guest VLAN on all ports:
enable netlogin dot1x guest-vlan ports all
The following command enables the guest VLAN on ports 2 and 3:
enable netlogin dot1x guest-vlan ports 2,3
This command was first available in ExtremeXOS 11.2.
This command is available on the ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, and X870 series switches.