Optional) Configuring The Guest Vlan For Mac Address Authentication; Optional) Setting The Maximum Number Of Access Users Who Adopt Mac Address Authentication - Huawei Quidway S9300 Configuration Manual

2 NAC Configuration
2.5.8 (Optional) Configuring the Guest VLAN for MAC Address
Authentication
Context
If the MAC authentication fails after the guest VLAN function is enabled, the S9300 adds the
access interface of the user to the guest VLAN. Then users in the guest VLAN can access
resources in the guest VLAN without MAC address authentication. Authentication, however, is
required when such users access external resources. Thus certain resources are available for
users without authentication.
You can configure the guest VLAN in the following ways.
Procedure
l
l
----End
2.5.9 (Optional) Setting the Maximum Number of Access Users
Who Adopt MAC Address Authentication
2-28
NOTE
The VLAN to be configured as the guest VLAN must exist in the system and cannot be the default VLAN
of the interface.
In the system view:
1. Run:
system-view
The system view is displayed.
2. Run:
mac-authen guest-vlan vlan-id interface { interface-type interface-
number1 [ to interface-number2 ] } &<1-10>
The guest VLAN of interfaces is configured.
You can configure the guest VLAN of interfaces in batches by specifying the interface
list in the mac-authen guest-vlan command in the system view.
In the interface view:
1. Run:
system-view
The system view is displayed.
2. Run:
interface { ethernet | gigabitethernet } interface-number
The interface view is displayed.
3. Run:
mac-authen guest-vlan vlan-id
The guest VLAN of the interface is configured.
By default, no guest VLAN is configured on an interface.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Quidway S9300 Terabit Routing Switch
Configuration Guide - Security
Issue 06 (2010–01–08)