EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #124 background imageLoading...
Page #124 background image
111
After MAC authentication succeeds, the port is assigned to the MAC authentication authorization
VLAN.
• If 802.1X authentication fails, the MAC authentication result takes effect.
• If 802.1X authentication succeeds, the device handles the port and the MAC address based on
the 802.1X authentication result.
Configuration restrictions and guidelines
When you enable parallel processing of MAC authentication and 802.1X authentication on a port,
follow these restrictions and guidelines:
• Make sure the port meets the following requirements:
ï‚¡ The port is configured with both 802.1X authentication and MAC authentication and
performs MAC-based access control for 802.1X authentication.
ï‚¡ The port is enabled with the 802.1X unicast trigger.
• For the port to perform MAC authentication before it is assigned to the 802.1X guest VLAN,
enable 802.1X guest VLAN assignment delay.
For information about 802.1X guest VLAN assignment delay, see "Configuring 802.1X."
• For the parallel processing feature to work correctly, do not enable MAC authentication delay on
the port. This operation will delay MAC authentication after 802.1X authentication is triggered.
• To configure both 802.1X authentication and MAC authentication on the port, use one of the
following methods:
ï‚¡ Enable the 802.1X and MAC authentication features separately on the port.
ï‚¡ Enable port security on the port. The port security mode must be userlogin-secure-or-mac
or userlogin-secure-or-mac-ext.
For information about port security mode configuration, see "Configuring port security."
Configuration procedure
To enable parallel processing of MAC authentication and 802.1X authentication on a port:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter
Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3.
Enable parallel
processing of MAC
authentication and
802.1X authentication on
the port.
mac-authentication
parallel-with-dot1x
By default, this feature is disabled.
Configuring a MAC authentication guest VLAN
You must configure the MAC authentication guest VLAN on a hybrid port. Before you configure the
MAC authentication guest VLAN on a hybrid port, complete the following tasks:
• Enable MAC authentication globally and on the port.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication guest VLAN.
• Configure the VLAN as an untagged member on the port.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals