Configuring a MAC authentication guest VLAN

Follow the guidelines in Table 10 when configuring a MAC authentication guest VLAN on a port.

Table 10: Relationships of the MAC authentication guest VLAN with other security features

Feature

Relationship description

Reference

Quiet function of MAC authentication

The MAC authentication guest VLAN function has higher priority. A user can access any resources in the guest VLAN.

See "MAC authentication timers"

Port intrusion protection

The MAC authentication guest VLAN function has higher priority than the block MAC action but lower priority than the shutdown port action of the port intrusion protection feature.

See "Configuring port security"

802.1X guest VLAN on a port that performs MAC-based access control

The MAC authentication guest VLAN has a lower priority.

See "Configuring 802.1X"

If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in response to a VLAN change, the MAC authentication users cannot access authorized network resources immediately after a MAC authentication is complete. As a solution, remind the MAC authentication users to release their IP addresses or repair their network connections for a DHCP reassignment after MAC authentication is complete.

Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:

To configure a MAC authentication guest VLAN:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter Ethernet port view.

interface interface-type interface-number

N/A

3. Specify a MAC authentication guest VLAN.

mac-authentication guest-vlan guest-vlan-id

By default, no MAC authentication guest VLAN is configured.

You can configure only one MAC authentication guest VLAN on a port.