Configuring a MAC authentication critical VLAN
Follow the guidelines in Table 11 when you configure a MAC authentication critical VLAN on a port.
Table 11: Relationships of the MAC authentication critical VLAN with other security features
Feature | Relationship description | Reference |
---|---|---|
Quiet function of MAC authentication | The MAC authentication critical VLAN function has higher priority. When a user fails MAC authentication because no RADIUS authentication server is reachable, the user can access the resources in the critical VLAN, and the user's MAC address is not marked as a silent MAC address. | |
Port intrusion protection | The MAC authentication critical VLAN function has higher priority than the block MAC action but lower priority than the shutdown port action of the port intrusion protection feature. | |
If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in response to a VLAN change, the MAC authentication users cannot access authorized network resources immediately after a MAC authentication is complete. As a solution, remind the MAC authentication users to release their IP addresses or repair their network connections for a DHCP reassignment after MAC authentication is complete.
Before you configure a MAC authentication critical VLAN on a port, complete the following tasks:
- Enable MAC authentication.
- Enable MAC-based VLAN on the port.
- Create the VLAN to be specified as the MAC authentication critical VLAN.
To configure a MAC authentication critical VLAN:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet port view. | interface interface-type interface-number | N/A |
3. Specify a MAC authentication critical VLAN. | mac-authentication critical vlan critical-vlan-id | By default, no MAC authentication critical VLAN is configured. You can configure only one MAC authentication critical VLAN on a port. |
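The prerequisites and the critical VLAN command above can be checked against a saved configuration before rollout. The following Python audit is an added example, not part of the vendor documentation. It assumes a stanza layout with `#` separators and `vlan N` / `interface X` headers, and that the enable lines appear as `mac-authentication` (globally and on the port) and `mac-vlan enable`; the sample configuration is constructed.

```python
import re

# Constructed sample; the stanza layout and the enable-line spellings
# ("mac-authentication", "mac-vlan enable") are assumptions, not from the page.
SAMPLE_CONFIG = """\
#
 mac-authentication
#
vlan 100
#
interface GigabitEthernet1/0/1
 mac-vlan enable
 mac-authentication
 mac-authentication critical vlan 100
#
interface GigabitEthernet1/0/2
 mac-authentication
 mac-authentication critical vlan 200
#
"""

def audit_critical_vlan(config):
    """Return {interface: [unmet prerequisites]} for ports with a critical VLAN."""
    vlans, ports, global_lines, current = set(), {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                      # "#" closes the open stanza
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vlans.add(int(m.group(1)))          # VLAN has been created
            current = []                        # ignore lines inside the VLAN stanza
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), [])
        else:
            (current if current is not None else global_lines).append(line)
    findings = {}
    for name, lines in ports.items():
        crit = [int(m.group(1)) for l in lines
                if (m := re.fullmatch(r"mac-authentication critical vlan (\d+)", l))]
        if not crit:
            continue                            # no critical VLAN on this port
        checks = [
            ("mac-authentication" in global_lines, "MAC authentication not enabled globally"),
            ("mac-authentication" in lines, "MAC authentication not enabled on port"),
            ("mac-vlan enable" in lines, "MAC-based VLAN not enabled on port"),
            (crit[0] in vlans, f"VLAN {crit[0]} not created"),
        ]
        findings[name] = [msg for ok, msg in checks if not ok]
    return findings
```

An empty list for a port means all three prerequisite tasks are satisfied for its critical VLAN.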