115
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3. Enable MAC authentication
delay and set the delay time.
mac-authentication timer
auth-delay time
By default, MAC authentication is
not delayed.
Enabling MAC authentication multi-VLAN mode
By default, a MAC authentication-enabled port forwards packets for an authenticated user only in the
VLAN where the user is authenticated. If the user forwards packets in a different VLAN, the port must
re-authenticate the user. After the user passes re-authentication, the port will update the MAC and VLAN
mapping of the user. For a user that sends various types of traffic (for example, data, video, and audio)
in multiple VLANs, frequent MAC re-authentication can downgrade the system performance and affect
data transmission quality.
The MAC authentication multi-VLAN mode enables a MAC authentication-enabled port to forward
packets for an authenticated user in up to five VLANs without re-authentication. When the port receives
a packet sourced from the user in a VLAN not matching the existing MAC-VLAN mapping, the device
performs the following tasks:
• Forwards the packet.
• Creates a new MAC-VLAN mapping for the user.
HP recommends that you configure this feature on hybrid or trunk ports.
For example, an IP phone, which can send tagged and untagged frames, is connected to a MAC
authentication-enabled port. The port receives tagged frames in VLAN 2 and untagged frames in VLAN
1. Before you enable the multi-VLAN mode on the port, the port must re-authenticate the IP phone
repeatedly, because it sends tagged frames and untagged frames alternately in different VLANs. After
you enable the multi-VLAN mode, the port can receive tagged and untagged frames alternately from the
IP phone without triggering a MAC re-authentication. The multi-VLAN mode improves the transmission
quality of data that is vulnerable to delay and interference.
To enable MAC authentication multi-VLAN mode on a port:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3. Enable MAC authentication
multi-VLAN mode.
mac-authentication host-mode
multi-vlan
By default, a MAC-authenticated
user only can forward packets in
the VLAN where it was
authenticated.
Displaying and maintaining MAC authentication
To Next Page
Loading...
Need help?
General