116
Table 8 Relationships of the MAC authentication guest VLAN with other security features
Feature Relationship description Reference
Quiet function of MAC
authentication
The MAC authentication guest VLAN
function has higher priority. A user can
access any resources in the guest VLAN.
See “MAC authentication timers”
Super VLAN
You cannot specify a VLAN as both a super
VLAN and a MAC authentication guest
VLAN.
See the chapter “Super VLAN
configuration” in Layer 2
—
LAN
Switching Configuration Guide
Port intrusion protection
The MAC authentication guest VLAN
function has higher priority than the block
MAC action but lower priority than the shut
down port action of the port intrusion
protection feature.
See the chapter “Port security
configuration”
802.1X guest VLAN on a
port that performs
MAC-based access
control
The MAC authentication guest VLAN has a
lower priority.
See the chapter “802.1X
configuration”
Displaying and maintaining MAC authentication
To do… Use the command… Remarks
Display MAC authentication
information
display mac-authentication
[ interface interface-list ] [ | { begin
| exclude | include }
regular-expression ]
Available in any view
Clear MAC authentication statistics
reset mac-authentication statistics
[ interface interface-list ]
Available in user view
MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
In the network in Figure 48, perform local MAC authentication on port Ethernet 1/0/1 to control Internet
access. Make sure that:
• All users belong to domain aabbcc.net.
• Local users use their MAC address as the username and password for MAC authentication. The
MAC addresses are hyphen separated and in lower case.
• The access device detects whether a user has gone offline every 180 seconds. When a user fails
authentication, the device does not authenticate the user within 180 seconds.
To Next Page
Loading...
Need help?
General