Configuring a MAC authentication guest VSI
Restrictions and guidelines
The MAC authentication guest VSI feature has higher priority than the quiet feature of MAC authentication. When a user fails MAC authentication, the user can access the resources in the guest VSI. The user's MAC address is not marked as a silent MAC address.
You can configure only one MAC authentication guest VSI on a port. The MAC authentication guest VSIs on different ports can be different.
Prerequisites
Before you configure the MAC authentication guest VSI on a port, complete the following tasks:
Enable L2VPN.
Create the VSI to be specified as the MAC authentication guest VSI, and create a VXLAN for the VSI.
Make sure MAC-based traffic matching for dynamic Ethernet service instances is enabled on the port.
For more information, see VXLAN Configuration Guide.
Procedure
Enter system view.
system-view
Enter interface view.
interface interface-type interface-number
Specify the MAC authentication guest VSI on the port.
mac-authentication guest-vsi guest-vsi-name
By default, no MAC authentication guest VSI exists on a port.
(Optional.) Set the authentication interval for users in the MAC authentication guest VSI.
mac-authentication guest-vsi auth-period period-value
The default setting is 30 seconds.