When you configure the MAC authentication guest VLAN on a port, follow the guidelines in Table 12.
Table 12 Relationships of the MAC authentication guest VLAN with other security features

| Feature | Relationship description | Reference |
|---|---|---|
| Quiet feature of MAC authentication | The MAC authentication guest VLAN feature has higher priority. When a user fails MAC authentication, the user can access the resources in the guest VLAN. The user's MAC address is not marked as a silent MAC address. | See "authentication timers." |
| Super VLAN | You cannot specify a VLAN as both a super VLAN and a MAC authentication guest VLAN. | See Layer 2—LAN Switching Configuration Guide. |
| Port intrusion protection | The guest VLAN feature has higher priority than the block MAC action but lower priority than the shutdown port action of the port intrusion protection feature. | See "security." |

To configure the MAC authentication guest VLAN on a port:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Specify the MAC authentication guest VLAN on the port. | mac-authentication guest-vlan guest-vlan-id | By default, no MAC authentication guest VLAN is specified on a port. You can configure only one MAC authentication guest VLAN on a port. |
| 4. (Optional.) Set the authentication interval for users in the MAC authentication guest VLAN. | mac-authentication guest-vlan auth-period period-value | The default setting is 30 seconds. This command is available in Release 1121 and later. |

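A pre-deployment check for two of the guest VLAN rules above (one guest VLAN per port, and no VLAN used as both a super VLAN and a guest VLAN), written as an added example that is not part of the original guide. The sample configuration, interface names and VLAN IDs are constructed, and the script assumes a super VLAN appears as a `supervlan` line under its `vlan` section in the saved configuration.

```python
import re

# Constructed configuration template for illustration (not from a real device).
SAMPLE_CONFIG = """\
vlan 10
 supervlan
#
vlan 20
#
interface GigabitEthernet1/0/1
 mac-authentication guest-vlan 20
 mac-authentication guest-vlan auth-period 60
#
interface GigabitEthernet1/0/2
 mac-authentication guest-vlan 10
#
interface GigabitEthernet1/0/3
 mac-authentication guest-vlan 20
 mac-authentication guest-vlan 30
"""

# Matches only the guest VLAN assignment, not the auth-period variant.
GUEST_RE = re.compile(r"mac-authentication guest-vlan (\d+)$")

def audit_guest_vlans(config_text):
    """Return a sorted list of (interface, problem) findings."""
    super_vlans, guest = set(), {}        # guest: interface -> [vlan ids]
    section = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):       # unindented line opens a new view
            parts = line.split()
            section = tuple(parts[:2]) if len(parts) >= 2 else None
            continue
        if section is None:
            continue
        if section[0] == "vlan" and line == "supervlan":  # assumed syntax
            super_vlans.add(int(section[1]))
        m = GUEST_RE.match(line)
        if section[0] == "interface" and m:
            guest.setdefault(section[1], []).append(int(m.group(1)))
    findings = []
    for port, vlans in guest.items():
        if len(set(vlans)) > 1:
            findings.append((port, f"multiple guest VLANs {vlans}; only one is allowed per port"))
        for vid in vlans:
            if vid in super_vlans:
                findings.append((port, f"guest VLAN {vid} is also a super VLAN"))
    return sorted(findings)
```

Running `audit_guest_vlans(SAMPLE_CONFIG)` flags GigabitEthernet1/0/2 (guest VLAN 10 is a super VLAN) and GigabitEthernet1/0/3 (two guest VLANs in the template).
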
Configuring a MAC authentication critical VLAN
You must configure the MAC authentication critical VLAN on a hybrid port. Before you configure the
MAC authentication critical VLAN on a hybrid port, complete the following tasks:
• Enable MAC authentication globally and on the port.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication critical VLAN.
• Configure the VLAN as an untagged member on the port.
When you configure the MAC authentication critical VLAN on a port, follow the guidelines in Table 13.