1-19z The Guest VLAN function is available only when the switch operates in the port-basedauthentication mode.z Only one Guest VLAN can be configured for each switch.z The Guest VLAN function cannot be implemented if you configure the dot1x dhcp-launchcommand on the switch to enable DHCP-triggered authentication. This is because the switch doesnot send authentication packets unsolicitedly in that case.Configuring 802.1x Re-AuthenticationTable 1-8 Enable 802.1x re-authenticationOperation Command RemarksEnter system view system-view —In systemviewdot1x re-authenticate [ interfaceinterface-list ]Enable802.1xre-authentication onport(s) In port view dot1x re-authenticateRequiredBy default, 802.1xre-authentication isdisabled on a port.z To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.z When re-authenticating a user, a switch goes through the complete authentication process. Ittransmits the username and password of the user to the server. The server may authenticate theusername and password, or, however, use re-authentication for only accounting and userconnection status checking and therefore does not authenticate the username and password anymore.z An authentication server running CAMS authenticates the username and password duringre-authentication of a user in the EAP authentication mode but does not in PAP or CHAPauthentication mode.Configuring the 802.1x Re-Authentication TimerAfter 802.1x re-authentication is enabled on the switch, the switch determines the re-authenticationinterval in one of the following two ways:1) The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sentby the RADIUS server as the re-authentication interval.2) The switch uses the value configured with the dot1x timer reauth-period command as there-authentication interval for access users.Note the following: