enable netlogin dot1x guest-vlan ports

enable netlogin dot1x guest-vlan ports [all | ports]

Description

Enables the guest VLAN on the specified 802.1X network login ports.

Syntax Description

all Specifies all ports included in the guest VLAN.
ports Specifies one or more ports or slots and ports on which the guest VLAN is enabled.

Default

Disabled.

Usage Guidelines

A guest VLAN provides limited or restricted network access if a supplicant connected to a port does not respond to the 802.1X authentication requests from the switch. A port always moves untagged into the guest VLAN.

Modifying the Supplicant Timer

By default, the switch attempts to authenticate the supplicant every 30 seconds for a maximum of three tries. If the supplicant does not respond to the authentication requests, the client moves to the guest VLAN. The number of authentication attempts is a user-configured parameter with allowed values in the range of 1 to 10.

To modify the supplicant response timer, use the following command and specify the supp-resp-timeout parameter:

configure netlogin dot1x timers [{server-timeout server_timeout} {quiet-periodquiet_period} {reauth-periodreauth_period {reauth-maxmax_num_reauths}} {supp-resp-timeoutsupp_resp_timeout}]

Creating the Guest VLAN

Before you can enable the guest VLAN on the specified ports, you must create the guest VLAN. To create the guest VLAN, use the following command:

configure netlogin dot1x guest-vlan vlan_name {portsport_list}

Example

The following command enables the guest VLAN on all ports:

enable netlogin dot1x guest-vlan ports all

The following command enables the guest VLAN on ports 2 and 3:

enable netlogin dot1x guest-vlan ports 2,3

History

This command was first available in ExtremeXOS 11.2.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.