DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-34
Command Function
configure terminal
Enter the global configuration mode.
interface interface
Enter the interface configuration mode.
dot1x dynamic-vlan enable
Allow Vlan jump on the interface.
[no] dot1x guest-vlan vid
Configure whether to enable guest vlan, which is disabled by
default.
end
Return to the privileged mode.
write
Save the configuration.
show running-config
Show the configuration.
Caution
1. Guest vlan takes effect unless you configure dot1x dynamic-vlan
enable.
2. It is better not to configure L2 attributes when configuring guest vlan,
especially not to set vlan on the port manually.
3. Exiting guest vlan when there is eapol packet on the port and the port
is linkdown. If you configure guest vlan, it will check guest vlan
exchange conditions again when the port is linkup.
4. Enabling guest vlan on Trunk port causes the users in other vlan on
this port access the network without 802.1x authentication. To this
end, it is recommeded that guest vlan shall be enabled on the Access
port.
5. Guest vlan does not support the private vlan. That is to say, you can
not set the private vlan as the dot1x guest vlan.
4.2.26 Shielding Proxy Server and
Dial-up
The two major potential threats to network security are: The user sets its own proxy server and
the user makes dial-up to access the network after authentication. Star switches provide the
function to shield proxy servers and dial-up connections.
To implement this function needs no settings on the device end and needs only the
corresponding attributes configured on the Radius server end. Since the Radius has no
standard attributes to indicate the maximum data rate, we can transfer the authorization
information only through the manufacturer custom attributes. For the general format defined,
see the Authorization section.