MAC authentication guest VLAN is configured, the user that fails MAC authentication cannot access any
network resources.
If a user in the guest VLAN passes MAC authentication, it is removed from the guest VLAN and can
access all authorized network resources. If not, the user remains in the MAC authentication guest VLAN.
NOTE:
A hybrid port is always assigned to a guest VLAN as an untagged member. After the assignment, do
not reconfigure the port as a tagged member in the VLAN.
MAC authentication configuration task list
Perform these tasks to configure MAC authentication:
• Basic configuration for MAC authentication
  • Configuring MAC authentication globally
  • Configuring MAC authentication on a port
• Specifying an authentication domain for MAC authentication users
• Configuring a MAC authentication guest VLAN
Basic configuration for MAC authentication
Configuration prerequisites
• Create and configure an authentication domain, also called "an ISP domain."
• For local authentication, create local user accounts, and specify the lan-access service for the
accounts.
• For RADIUS authentication, check that the device and the RADIUS server can reach each other, and
create user accounts on the RADIUS server.
NOTE:
If you are using MAC-based accounts, ensure that the username and password for each account are the
same as the MAC address of the MAC authentication user.
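The following is an added example, not part of the original guide: a Python check that audits MAC-based accounts against the rule in the NOTE above. It assumes the accounts are kept in FreeRADIUS "users" file syntax and that the server compares the username and password as exact strings; the sample entries are constructed.

```python
import re

# Constructed sample accounts in FreeRADIUS "users" file syntax (assumption:
# the page does not name a RADIUS server or an account file format).
SAMPLE_USERS = """\
00e0fc123456 Cleartext-Password := "00e0fc123456"
00e0fc1234ab Cleartext-Password := "00E0FC1234AB"
00-e0-fc-12-34-cd Cleartext-Password := "00e0fc1234cd"
00e0fc1234ef Cleartext-Password := "printer01"
guest Cleartext-Password := "guest"
"""

ENTRY = re.compile(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"]*)"\s*$')
FORMAT_MISMATCH = "password is the same MAC in a different format"
NOT_THE_MAC = "password is not the account's MAC address"


def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[-:.]", "", value.lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def audit(users_text):
    """List (username, problem) for MAC-based accounts that break the rule."""
    findings = []
    for line in users_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # comments, blank lines, reply attributes
        username, password = match.groups()
        mac = normalize_mac(username)
        if mac is None:
            continue  # not a MAC-based account
        if password == username:
            continue  # identical strings: satisfies the rule
        if normalize_mac(password) == mac:
            findings.append((username, FORMAT_MISMATCH))
        else:
            findings.append((username, NOT_THE_MAC))
    return findings


if __name__ == "__main__":
    for username, problem in audit(SAMPLE_USERS):
        print(f"{username}: {problem}")
```

An account that passes this check can still fail authentication if its MAC format differs from the one the device sends, which the file alone cannot show.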
Configuration procedure
MAC authentication can take effect on a port only when it is configured globally and on the port.
Configuring MAC authentication globally
Follow these steps to configure MAC authentication globally: