100
Configuring a MAC authentication guest VLAN
Configuration prerequisites
Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:
• Enable MAC authentication.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication guest VLAN.
Configuration procedure
Follow these steps to configure a MAC authentication guest VLAN:
To do… Use the command… Remarks
Enter system view system-view —
Enter Layer 2 Ethernet
interface view
interface interface-type
interface-number
—
Configure a MAC
authentication guest VLAN
mac-authentication guest-vlan
guest-vlan-id
Required
By default, no MAC authentication
guest VLAN is configured.
You can configure only one MAC
authentication guest VLAN on a
port.
Follow the guidelines in Table 10 when configuring a MAC authentication guest VLAN on a port.
Table 10 Relationships of the MAC authentication guest VLAN with other security features
Feature Relationship description Reference
MAC authentication quiet
function
The MAC authentication guest VLAN
function has higher priority. A user can
access any resources in the guest VLAN.
MAC authentication timers
Port intrusion protection
The MAC authentication guest VLAN
function has higher priority than the block
MAC action but lower priority than the shut
down port action of the port intrusion
protection feature.
The chapter "Port security
configuration"
802.1X guest VLAN on a
port that performs
MAC-based access
control
The MAC authentication guest VLAN has a
lower priority.
The chapter "802.1X
configuration"
NOTE:
hen global MAC authentication is enabled, the EAD fast deployment function cannot take effect. For
more information about the EAD fast deployment function, see the chapter "EAD fast deployment
configuration."
To Next Page
Loading...
