Configuring Mac Authentication Delay; Enabling Mac Authentication Multi-Vlan Mode - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
resources immediately after a MAC authentication is complete. As a solution, remind the MAC
authentication users to release their IP addresses or repair their network connections for a DHCP
reassignment after MAC authentication is complete.
Before you configure a MAC authentication critical VLAN on a port, complete the following tasks:
Enable MAC authentication.
•
Enable MAC-based VLAN on the port.
•
Create the VLAN to be specified as the MAC authentication critical VLAN.
•
To configure a MAC authentication critical VLAN:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
port view.
3.
Specify a MAC
authentication critical
VLAN.
Configuring MAC authentication delay
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay MAC
authentication, so that 802.1X authentication is preferentially triggered.
To configure MAC authentication delay:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Enable MAC authentication
delay and set the delay time.
Enabling MAC authentication multi-VLAN mode
By default, a port saves the MAC-VLAN mapping entry for a MAC authenticated user, and forwards
packets that match the entry. If the user sends packets with a different VLAN, the port re-authenticates the
user and updates the MAC-VLAN mapping entry on the port. For a user that sends various types of traffic
(for example, data, video, and audio) in multiple VLANs with the same MAC address, frequent MAC
re-authentication downgrades the system performance and affects data transmission quality.
The MAC authentication multi-VLAN mode enables a port to forward packets for the authenticated user
in up to five VLANs without re-authentication. When the port receives a packet sourced from the
authenticated MAC address in a different VLAN, the device does not authenticate the user or update the
original MAC-VLAN mapping entry on the port. It adds a new MAC-VLAN mapping entry for the MAC
address.
Command
system-view
interface interface-type
interface-number
mac-authentication critical vlan
critical-vlan-id
Command
system-view
interface interface-type
interface-number
mac-authentication timer
auth-delay time
110
Remarks
N/A
N/A
By default, no MAC authentication
critical VLAN is configured.
You can configure only one MAC
authentication critical VLAN on a
port.
Remarks
N/A
N/A
By default, MAC authentication is
not delayed.
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
