Using triple authentication with other features
A triple authentication enabled access port supports working with the following features.
VLAN assignment
After a terminal passes authentication, the authentication server assigns an authorized VLAN to the access port for the access terminal. The terminal can then access the network resources in the authorized VLAN.
Auth-Fail VLAN or MAC authentication guest VLAN
After a terminal fails authentication, the access port:
Adds the terminal to an Auth-Fail VLAN, if it uses 802.1X or portal authentication service.
Adds the terminal to a MAC authentication guest VLAN, if it uses MAC authentication service.
A terminal may undergo all three types of authentication. If it fails to pass all types of authentication, the access port adds the terminal to the 802.1X Auth-Fail VLAN.
ACL assignment
You can specify an authorization ACL for an authenticated user to control its access to network resources. After the user passes MAC authentication, the authentication server, either the local access device or a RADIUS server, assigns the ACL onto the access port to filter traffic for the user.
You must configure the ACLs on the access device, whether the authentication server is the access device or a remote AAA server.
Detection of online terminals
You can enable an online detection timer, which is configurable, to detect online portal clients.
You can enable the online handshake or periodic re-authentication function to detect online 802.1X clients at a configurable interval.
You can enable an offline detection timer to detect online MAC authentication terminals at a configurable interval.
For more information about the extended functions, see "Configuring 802.1X," "Configuring MAC authentication," and "Configuring portal authentication."