Chapter 16. Network Login
NETGEAR 8800 User Manual
- You must create a VLAN and configure it as a guest VLAN before enabling the guest VLAN feature.
- Configure guest VLANs only on network login ports with 802.1x enabled.
- Movement to guest VLANs is not supported on network login ports with MAC-based or web-based authentication.
- 802.1x must be the only authentication method enabled on the port for movement to guest VLAN.
- No supplicant on the port has 802.1x capability.
Creating Guest VLANs
If you configure a guest VLAN, and a supplicant has 802.1x disabled and does not respond
to 802.1x authentication requests from the switch, the supplicant moves to the guest VLAN.
Upon entering the guest VLAN, the supplicant gains limited network access.
Note: You can configure guest VLANs on a per-port basis, which allows
you to configure more than one guest VLAN per VR.
To create a guest VLAN, use the following command:
configure netlogin dot1x guest-vlan <vlan_name> {ports <port_list>}
Enabling Guest VLANs
To enable the guest VLAN, use the following command:
enable netlogin dot1x guest-vlan ports [all | <ports>]
Modifying the Supplicant Response Timer
To modify the supplicant response timer, use the following command and specify the
supp-resp-timeout parameter:
configure netlogin dot1x timers [{server-timeout <server_timeout>}
{quiet-period <quiet_period>} {reauth-period <reauth_period> {reauth-max
<max_num_reauths>}} {supp-resp-timeout <supp_resp_timeout>}]
The default supplicant response timeout is 30 seconds, and the range is 1 to 120 seconds.
The number of authentication attempts is not a user-configured parameter.
Disabling Guest VLANs
To disable the guest VLAN, use the following command:
disable netlogin dot1x guest-vlan ports [all | <ports>]
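The following added example (not part of the manual or of NETGEAR's software) audits a list of the guest VLAN commands shown above: it reports which ports end up with a guest VLAN enabled, and flags a port enabled before a guest VLAN is configured or a supp-resp-timeout outside 1 to 120 seconds. The function name, the sample commands, and the handling of port lists as plain comma-separated tokens or "all" are assumptions made for the example.

```python
import re

# Command shapes come from the manual text; port lists are handled as opaque
# comma-separated tokens or "all" (assumption: ranges are not expanded).
CFG = re.compile(r"configure netlogin dot1x guest-vlan (\S+)(?: ports (\S+))?$")
TOGGLE = re.compile(r"(enable|disable) netlogin dot1x guest-vlan ports (\S+)$")
TIMEOUT = re.compile(r"configure netlogin dot1x timers .*\bsupp-resp-timeout (\d+)\b")

# Constructed sample input, not taken from a real switch.
SAMPLE = """\
configure netlogin dot1x guest-vlan guest ports 1,2
enable netlogin dot1x guest-vlan ports 1,2,3
configure netlogin dot1x timers supp-resp-timeout 300
disable netlogin dot1x guest-vlan ports 2
"""

def audit_guest_vlan(config_text):
    """Return ({port: guest VLAN} for enabled ports, list of findings)."""
    configured, enabled, findings = {}, set(), []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if m := CFG.match(line):
            # Assumption: omitting the optional ports clause covers all ports.
            for port in (m.group(2) or "all").split(","):
                configured[port] = m.group(1)
        elif m := TOGGLE.match(line):
            action, ports = m.group(1), m.group(2).split(",")
            if action == "disable":
                if ports == ["all"]:
                    enabled.clear()
                else:
                    enabled.difference_update(ports)
                continue
            if ports == ["all"]:
                ports = list(configured) or ["all"]
            for port in ports:
                if port in configured or "all" in configured:
                    enabled.add(port)
                else:  # the manual requires configuring the guest VLAN first
                    findings.append(f"line {n}: port {port} enabled before a guest VLAN is configured")
        elif m := TIMEOUT.match(line):
            if not 1 <= int(m.group(1)) <= 120:
                findings.append(f"line {n}: supp-resp-timeout {m.group(1)} is outside 1-120 seconds")
    return {p: configured.get(p, configured.get("all")) for p in sorted(enabled)}, findings

if __name__ == "__main__":
    ports, problems = audit_guest_vlan(SAMPLE)
    print("guest VLAN enabled on:", ports)
    print("\n".join(problems))
```

The returned port map is the set of ports on which a device that never answers 802.1x requests is moved to the guest VLAN and gains limited network access, so it is the list to review against where guest access is intended.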
Unconfiguring Guest VLANs
To unconfigure the guest VLAN, use the following command: