113
Table 13 Relationships of the MAC authentication critical VLAN with other security features
Quiet feature
authentication
The MAC authentication critical VLAN feature has
higher priority.
When a user fails MAC authentication because no
RADIUS authentication server is reachable, the
user can access the resource
VLAN. The user's MAC address is not marked as
a silent MAC address.
See "
authentication timers."
Super VLAN
You cannot specify a VLAN as both a super VLAN
and a MAC authentication critical VLAN.
See Layer 2—LAN
Switching Configuration
Guide.
Port intrusion protection
The critical VLAN feature has higher priority than
the block MAC action but lower priority than the
shutdown port action of the port intrusion
protection feature.
See "
security."
To configure the MAC authentication critical VLAN on a port:
1. Enter system view.
system-view
N/A
2. Enter
interface view.
interface
interface-type
interface-number
N/A
3. Specify the MAC
VLAN on the port.
mac-
authentication critical vlan
critical-vlan-id
By default, no MAC authentication
critical VLAN is
port.
You can configure only one MAC
authentication critical VLAN on a
port.
Enabling the MAC authentication critical voice
VLAN
This feature is available in Release 1121 and later.
The MAC authentication critical voice VLAN on a port accommodates MAC authentication voice
users who have failed authentication because none of the RADIUS servers in their ISP domain are
reachable.
Configuration prerequisites
Before you enable the MAC authentication critical voice VLAN on a port, complete the following
tasks:
• Enable LLDP both globally and on the port.
The device uses LLDP to identify voice users. For information about LLDP, see Layer 2—LAN
Switching Configuration Guide.
• Enable voice VLAN on the port.
To Next Page
Loading...
Need help?
General