Using triple authentication with other features

A triple authentication enabled access port also supports working with the following features.

VLAN assignment

After a terminal passes authentication, the authentication server assigns an authorized VLAN to the access port for the access terminal. The terminal can then access the network resources in the authorized VLAN.

Auth-Fail VLAN or MAC authentication guest VLAN

After a terminal fails authentication, the access port:

A terminal may undergo all three types of authentication. If it fails to pass all types of authentication, the access port adds the terminal to the 802.1X Auth-Fail VLAN.

ACL assignment

You can specify an authorization ACL for an authenticated user to control its access to network resources. After the user passes MAC authentication, the authentication server, either the local access device or a RADIUS server, assigns the ACL onto the access port to filter traffic for the user.

You must configure the ACLs on the access device, whether the authentication server is the access device or a remote AAA server.

Detection of online terminals

For more information about the extended functions, see "Configuring 802.1X", "Configuring MAC authentication", and "Configuring portal authentication."