The if-match vlan-id command configures the VLAN ID-based user identification policy.
The undo if-match vlan-id command deletes the VLAN ID-based user identification policy.
By default, no VLAN ID-based user identification policy is configured.
if-match vlan-id { start-vlan-id [ to end-vlan-id ] } &<1-10>
undo if-match vlan-id { start-vlan-id [ to end-vlan-id ] } &<1-10>
Parameter |
Description |
Value |
|---|---|---|
start-vlan-id [ to end-vlan-id ] |
Specifies the start and end user VLAN IDs. The value of end-vlan-id must be greater than that of start-vlan-id. If the parameter to end-vlan-id is not specified, users are classified based on the VLAN ID specified by start-vlan-id. |
The value of start-vlan-id or end-vlan-id is an integer that ranges from 1 to 4094. |
Usage Scenario
On some enterprise networks, VLANs are used to divide the entire network into different areas with various security levels. The administrator requires that a user should obtain different network access rights when the user connects to the network from different areas. In this case, the user context identification function can be enabled on access devices, and a group of VLANs that belong to the same area are added to the same user context profile. The administrator then assigns the mapping network access rights to different user context profiles based on the security level of each area. When a user connects to the network from different areas, the user is added to different user context profiles matching their access VLANs and therefore obtains different network access rights.
Prerequisites
A user context profile has been created using the access-context profile name profile-name command in the system view.
Precautions
This function takes effect only for users who go online after this function is successfully configured.