Configuring a MAC authentication guest VLAN
Follow the guidelines in Table 8 when configuring a MAC authentication guest VLAN on a port.
Table 8: Relationships of the MAC authentication guest VLAN with other security features
Feature | Relationship description | Reference |
---|---|---|
Quiet function of MAC authentication | The MAC authentication guest VLAN function has higher priority. A user can access any resources in the guest VLAN. | See "MAC authentication timers." |
Super VLAN | You cannot specify a VLAN as both a super VLAN and a MAC authentication guest VLAN. | See Layer 2—LAN Switching Configuration Guide. |
Port intrusion protection | The MAC authentication guest VLAN function has higher priority than the block MAC action but lower priority than the shut down port action of the port intrusion protection feature. | See "Configuring port security." |
802.1X guest VLAN on a port that performs MAC-based access control | The MAC authentication guest VLAN has a lower priority. | See "Configuring 802.1X." |
If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address renewal in response to a VLAN change, the MAC authentication users cannot access authorized network resources immediately after a MAC authentication is complete. As a solution, remind the MAC authentication users to release their IP addresses or repair their network connections for a DHCP reassignment after MAC authentication is complete.
Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:
Enable MAC authentication.
Enable MAC-based VLAN on the port.
Create the VLAN to be specified as the MAC authentication guest VLAN.
To configure a MAC authentication guest VLAN:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Specify a MAC authentication guest VLAN. | mac-authentication guest-vlan guest-vlan-id | By default, no MAC authentication guest VLAN is configured. You can configure only one MAC authentication guest VLAN on a port. |