113
Table 10 Relationships of the MAC authentication guest VLAN with other security features
Feature Relationship description Reference
Quiet function of MAC
authentication
The MAC authentication guest VLAN
function has higher priority. A user can
access any resources in the guest VLAN.
See "MAC authentication timers"
Super VLAN
You cannot specify a VLAN as both a super
VLAN and a MAC authentication guest
VLAN.
See Layer 2
—
LAN Switching
Configuration Guide
Port intrusion protection
The MAC authentication guest VLAN
function has higher priority than the block
MAC action but lower priority than the
shutdown port action of the port intrusion
protection feature.
See "Configuring port security"
802.1X guest VLAN on a
port that performs
MAC-based access
control
The MAC authentication guest VLAN has a
lower priority.
See "Configuring 802.1X"
If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address
renewal in response to a VLAN change, the MAC authentication users cannot access authorized network
resources immediately after a MAC authentication is complete. As a solution, remind the MAC
authentication users to release their IP addresses or repair their network connections for a DHCP
reassignment after MAC authentication is complete.
Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:
• Enable MAC authentication.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication guest VLAN.
To configure a MAC authentication guest VLAN:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Ethernet port view.
interface interface-type
interface-number
N/A
3. Specify a MAC
authentication guest
VLAN.
mac-authentication guest-vlan
guest-vlan-id
By default, no MAC authentication
guest VLAN is configured.
You can configure only one MAC
authentication guest VLAN on a
port.
Configuring a MAC authentication critical VLAN
Follow the guidelines in Table 11 when you configure a MAC authentication critical VLAN on a port.
To Next Page
Loading...
Need help?
General