Web and MAC Authentication
Operating Rules and Notes
Operating Rules and Notes
■ The switch supports concurrent 802.1X and either Web- or MAC-
authentication operation on a port (with up to 32 clients allowed).
However, concurrent operation of Web- or MAC-authentication with
other types of authentication on the same port is not supported. That
is, the following authentication types are mutually exclusive on a
given port:
• Web Authentication (with or without 802.1X)
• MAC Authentication (with or without 802.1X)
• MAC lockdown
• MAC lockout
• Port-Security
■ Order of Precedence for Port Access Management (highest to lowest):
a. MAC lockout
b. MAC lockdown or Port Security
c. Port-based Access Control (802.1x) or Web Authentication or MAC
Authentication
Note on Port
Access
Man agemen t
When configuring a port for Web or MAC Authentication, be sure that a higher
precedent port access management feature is not enabled on the port. For
example, be sure that Port Security is disabled on a port before configuring
the port for Web or MAC Authentication. If Port Security is enabled on the
port this misconfiguration does not allow Web or MAC Authentication to
occur.
■ VLANs: If your LAN does not use multiple VLANs, then you do not
need to configure VLAN assignments in your RADIUS server or
consider using either Authorized or Una ut hori zed VLANs. If yo ur LA N
does use multiple VLANs, then some of the following factors may
apply to your use of Web-Auth and MAC-Auth.
• Web-Auth and MAC-Auth operate only with port-based VLANs. Oper-
ation with protocol VLANs is not supported, and clients do not have
access to protocol VLANs during Web-Auth and MAC-Auth sessions.
• A port can belong to one, untagged VLAN during any client session.
Where multiple authenticated clients may simultaneously use the
same port, they must all be capable of operating on the same VLAN.
4-10
To Next Page
Loading...
