Configuring MAC authentication ··························································································································· 101

Overview ······································································································································································· 101

User account policies ·········································································································································· 101

Authentication methods······································································································································· 101

VLAN assignment ················································································································································ 102

ACL assignment ··················································································································································· 104

User profile assignment ······································································································································ 104

Periodic MAC reauthentication ·························································································································· 104

Configuration prerequisites ········································································································································· 104

Configuration task list ·················································································································································· 105

Enabling MAC authentication ···································································································································· 105

Specifying a MAC authentication domain ················································································································ 106

Configuring the user account format ·························································································································· 106

Setting MAC authentication timers ····························································································································· 107

Setting the maximum number of concurrent MAC authentication users on a port ················································ 107

Enabling MAC authentication multi-VLAN mode on a port ····················································································· 108

Configuring MAC authentication delay ····················································································································· 108

Configuring a MAC authentication guest VLAN ······································································································ 109

Configuring a MAC authentication critical VLAN ···································································································· 109

Configuring the keep-online feature ··························································································································· 110

Displaying and maintaining MAC authentication ···································································································· 111

MAC authentication configuration examples ············································································································ 111

Local MAC authentication configuration example··························································································· 111

RADIUS-based MAC authentication configuration example··········································································· 113

ACL assignment configuration example············································································································ 115

Configuring portal authentication ·························································································································· 118

Extended portal functions ··································································································································· 118

Portal system components ··································································································································· 118

Interaction between portal system components ································································································ 120

Portal authentication modes ······························································································································· 120

Portal authentication process ····························································································································· 121

Portal configuration task list ········································································································································ 123

Configuring a portal authentication server················································································································ 124

Configuring a portal Web server ······························································································································· 125

Enabling portal authentication on an interface ········································································································· 125

Configuration restrictions and guidelines ········································································································· 125

Configuration procedure ···································································································································· 126

Referencing a portal Web server for an interface ···································································································· 126

Controlling portal user access ···································································································································· 126

Configuring a portal-free rule····························································································································· 126

Configuring an authentication source subnet ··································································································· 127

Configuring an authentication destination subnet ··························································································· 128

Setting the maximum number of portal users ··································································································· 129

Specifying a portal authentication domain ······································································································ 129

Configuring portal detection features ························································································································ 130

Configuring online detection of portal users ···································································································· 130

Configuring portal authentication server detection ·························································································· 131

Configuring portal Web server detection ········································································································· 132

Configuring portal user synchronization ··········································································································· 133

Configuring the portal fail-permit feature ·················································································································· 134

Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ·································· 134

Applying a NAS-ID profile to an interface ················································································································ 135

iii