1-5Table 1-3 Configure a Guest VLANOperation Command DescriptionEnter system view system-view —Enter Ethernet port view interface interface-typeinterface-number —Configure the Guest VLAN forthe current portmac-authenticationguest-vlan vlan-idRequiredBy default, no Guest VLAN isconfigured for a port by default.Return to system view quit —Configure the interval at whichthe switch re-authenticatesusers in Guest VLANsmac-authentication timerguest-vlan-reauth intervalOptionalBy default, the switchre-authenticates the users inGuest VLANs at the interval of30 seconds by default.z If more than one client are connected to a port, you cannot configure a Guest VLAN for this port.z When a Guest VLAN is configured for a port, only one MAC address authentication user canaccess the port. Even if you set the limit on the number of MAC address authentication users tomore than one, the configuration does not take effect.z The undo vlan command cannot be used to remove the VLAN configured as a Guest VLAN. If youwant to remove this VLAN, you must remove the Guest VLAN configuration for it. Refer to theVLAN module in this manual for the description on the undo vlan command.z Only one Guest VLAN can be configured for a port, and the VLAN configured as the Guest VLANmust be an existing VLAN. Otherwise, the Guest VLAN configuration does not take effect. If youwant to change the Guest VLAN for a port, you must remove the current Guest VLAN and thenconfigure a new Guest VLAN for this port.z 802.1x authentication cannot be enabled for a port configured with a Guest VLAN.z The Guest VLAN function for MAC authentication does not take effect when port security isenabled.Configuring the Maximum Number of MAC Address Authentication Users Allowed toAccess a PortYou can configure the maximum number of MAC address authentication users for a port in order tocontrol the maximum number of users accessing a port. After the number of access users hasexceeded the configured maximum number, the switch will not trigger MAC address authentication forsubsequent access users, and thus these subsequent access users cannot access the networknormally.