100
To do… Use the command… Remarks
authentication users.
interface interface-type interface-
number
mac-authentication domain domain-
name
Use either approach.
By default, the system default
authentication domain is used for
MAC authentication users.
Configuring a MAC authentication guest VLAN
Configuration prerequisites
Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:
• Enable MAC authentication.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication guest VLAN.
Configuration procedure
To configure a MAC authentication guest VLAN:
To do… Use the command… Remarks
1. Enter system view.
system-view —
2. Enter Ethernet interface
view.
interface interface-type interface-
number
—
3. Specify a MAC
authentication guest
VLAN.
mac-authentication guest-vlan guest-
vlan-id
Required.
By default, no MAC authentication
guest VLAN is configured.
You can configure only one MAC
authentication guest VLAN on a
port.
Follow the guidelines in Table 8 when you configure a MAC authentication guest VLAN on a port.
Table 8 Relationships of the MAC authentication guest VLAN with other security features
Feature Relationship description Reference
Quiet function of MAC
authentication
The MAC authentication guest VLAN
function has higher priority. A user can
access any resources in the guest VLAN.
See "MAC authentication timers."
Port intrusion protection
The MAC authentication guest VLAN
function has higher priority than the block
MAC action but lower priority than the shut
down port action of the port intrusion
protection feature.
See "Configuring port security."
802.1X guest VLAN on a
port that performs MAC-
based access control
The MAC authentication guest VLAN has a
lower priority.
See "Configuring 802.1X."
To Next Page
Loading...
Need help?
General