121
The global authentication domain is applicable to all MAC authentication enabled ports. A port specific
authentication domain is applicable only to the port. You can specify different authentication domains on
different ports.
A port chooses an authentication domain for MAC authentication users in this order: port specific
domain, global domain, and the default authentication domain.
Related commands: display mac-authentication.
Examples
# Specify the domain1 domain as the global authentication domain for MAC authentication users.
<Sysname> system-view
[Sysname] mac-authentication domain domain1
# Specify the aabbcc domain as the authentication domain for MAC authentication users on port
GigabitEthernet 1/0/1.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet 1/0/1] mac-authentication domain aabbcc
mac-authentication guest-vlan
Syntax
mac-authentication guest-vlan guest-vlan-id
undo mac-authentication guest-vlan
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
guest-vlan-id: Specifies a VLAN as the MAC authentication guest VLAN. The value range is from 1 to
4094. Ensure that the VLAN has been created.
Description
Use the mac-authentication guest-vlan command to specify a MAC authentication guest VLAN on a port.
Any users that have failed MAC authentication on the port is assigned to this VLAN, so they can access
a limited set of network resources, such as a software server, to download anti-virus software, and system
patches. After a user in the guest VLAN passes MAC authentication, it is removed from the guest VLAN
and can access all authorized network resources.
Use the undo mac-authentication guest-vlan command to remove the MAC authentication guest VLAN
from the port.
By default, no MAC authentication guest VLAN is configured on a port.
To use the MAC authentication guest VLAN function on a port, you must enable MAC-based VLAN on
the port, in addition to enabling MAC authentication both globally and on the port.
To delete a VLAN that has been set as a MAC authentication guest VLAN, remove the guest VLAN
configuration first.
Related commands: mac-authentication; mac-vlan enable (Layer 2—LAN Switching Command
Reference).
To Next Page
Loading...
