Configuration Guide 802.1x Configuration
When the MAC VLAN is enabled on the port and the authentication mode is based on MAC, VLAN
assignment is implemented through dynamically generating MAC VLAN entry without changing the Native
VLAN of this port.
For the HYBRID port with MAC VLAN enabled or disabled, VLAN assignment will fail if the assigned VLAN
has been added to the port with TAG carried.
If the MAC VLAN is enabled on the port, VLAN assignment will create the MAC VLAN entry with the network
mask being all Fs. If the MAC address of 802.1x user is overridden by the statically configured MAC address
in the MAC VLAN entry with the network mask being not all Fs, the two MAC addresses must be same, that
is vlan-radius and vlan-static must be the same; otherwise, the following abnormities about 802.1x users of
VLAN assignment will occur: (The following listed do not cover all abnormities)
802.1x users can be authenticated successfully, but the legal data packets will be dropped after the
authentication, resulting in network access failure.
After the user sends EAPOL-LOGOFF message to goes offline, the authentication server still shows that
user is online as the 802.1x authentication entry is still in the device.
To enable the dynamic VLAN auto-switching function on an interface, run the following commands:
enable the AAA function
To Next Page
Loading...
