EasyManua.ls Logo

HPE FlexFabric 5940 SERIES

HPE FlexFabric 5940 SERIES
571 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
124
Step Command Remarks
2. Enter Ethernet interface
view.
interface
interface-type
interface-number
N/A
3. Enable parallel
processing of MAC
authentication and
802.1X authentication on
the port.
mac-authentication
parallel-with-dot1x
By default, this feature is disabled.
Configuring a MAC authentication guest VLAN
You must configure the MAC authentication guest VLAN on a hybrid port. Before you configure the
MAC authentication guest VLAN on a hybrid port, complete the following tasks:
Enable MAC authentication globally and on the port.
Enable MAC-based VLAN on the port.
Create the VLAN to be specified as the MAC authentication guest VLAN.
Configure the VLAN as an untagged member on the port.
When you configure the MAC authentication guest VLAN on a port, follow the guidelines in Table 14.
Table 14
Relationships of the MAC authentication guest VLAN with other security features
Feature Relationship description Reference
Quiet feature of MAC
authentication
The MAC authentication guest VLAN feature
has higher priority.
When a user fails MAC authentication, the
user can access the resources in the guest
VLAN. The user's MAC address is not marked
as a silent MAC address.
See "Configuring MAC
authentication timers."
Super VLAN
You cannot specify a VLAN as both a super
VLAN and a MAC authentication guest VLAN.
See Layer 2—LAN Switching
Configuration Guide.
Port intrusion protection
The guest VLAN feature has higher priority
than the block MAC action but lower priority
than the shutdown port action of the port
intrusion protection feature.
See "Configuring port
securit
y."
To configure the MAC authentication guest VLAN on a port:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Ethernet interface
view.
interface
interface-type
interface-number
N/A
3. Specify the MAC
authentication guest
VLAN on the port.
mac-authentication
guest-vlan
guest-vlan-id
By default, no MAC authentication guest
VLAN exists.
You can configure only one MAC
authentication guest VLAN on a port.
4. (Optional.) Set the
authentication interval
for users in the MAC
authentication guest
VLAN.
mac-authentication
guest-vlan auth-period
period-value
The default setting is 30 seconds.

Table of Contents

Other manuals for HPE FlexFabric 5940 SERIES

Related product manuals