Configuring a Guest VLAN on a Port

When you configure a guest VLAN, clients that are not IEEE 802.1x-capable are put into the guest VLAN when the server does not receive a response to its EAPOL Request/Identity frame. Clients that are IEEE 802.1x-capable but fail authentication are not granted access to the network. The switch supports guest VLANs in single-host or multiple-hosts mode.

Perform these tasks to configure a guest VLAN on a switch port:

Step 1 Enable AAA.

Step 2 Enable 802.1x guest VLAN behavior globally.

Step 3 Configure the switch port as an access port.

Step 4 Configure dot1x port control as auto.

Step 5 Specify an active VLAN as a guest VLAN.
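The following audit script is an added example, not part of the course material. It checks a saved running-config for the five steps on every port that has a guest VLAN. The command strings are the classic Catalyst IOS syntax for these steps and are assumptions, since the page does not list the commands. The sample config, the interface names, the VLAN IDs, and the function name audit_guest_vlan are constructed for illustration.

```python
import re

# Constructed sample running-config; port names and VLAN IDs are assumptions.
SAMPLE_CONFIG = """\
aaa new-model
dot1x guest-vlan supplicant
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 dot1x guest-vlan 20
!
interface FastEthernet0/2
 switchport mode trunk
 dot1x guest-vlan 30
!
"""

def audit_guest_vlan(config, active_vlans):
    """Return findings for guest-VLAN ports; an empty list means all five steps hold."""
    findings, ports, current = [], {}, None
    lines = config.splitlines()
    global_cmds = {l.strip() for l in lines if l and not l.startswith(" ")}
    if "aaa new-model" not in global_cmds:
        findings.append("global: AAA not enabled (step 1)")
    if "dot1x guest-vlan supplicant" not in global_cmds:
        findings.append("global: guest VLAN behavior not enabled (step 2)")
    for l in lines:  # group indented sub-commands under their interface
        m = re.match(r"interface (\S+)", l)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif l.startswith(" ") and current is not None:
            current.append(l.strip())
        else:
            current = None
    for name, cmds in ports.items():
        guest = [int(c.split()[-1]) for c in cmds
                 if re.fullmatch(r"dot1x guest-vlan \d+", c)]
        if not guest:
            continue  # port has no guest VLAN; nothing to audit
        if "switchport mode access" not in cmds:
            findings.append(f"{name}: not an access port (step 3)")
        if "dot1x port-control auto" not in cmds:
            findings.append(f"{name}: port control is not auto (step 4)")
        if guest[-1] not in active_vlans:
            findings.append(f"{name}: guest VLAN {guest[-1]} is not active (step 5)")
    return findings

if __name__ == "__main__":
    for finding in audit_guest_vlan(SAMPLE_CONFIG, active_vlans={1, 20}):
        print(finding)
```

Pass the set of active VLAN IDs from the switch's VLAN table rather than from the running-config, because VLANs learned or stored outside the config file do not appear there.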

Securing Networks with Cisco Routers and Switches (SNRS) v2.0


