Guest Vlan; Critical Vlan - HPE FlexNetwork 10500 Series Security Configuration Manual


Guest VLAN

The MAC authentication guest VLAN on a port accommodates users that have failed MAC authentication for any reason other than server unreachable. For example, the VLAN accommodates users who entered an invalid password.

You can deploy a limited set of network resources in the MAC authentication guest VLAN, for example, a software server for downloading software and system patches.

A hybrid port is always assigned to a MAC authentication guest VLAN as an untagged member. After the assignment, do not reconfigure the port as a tagged member in the VLAN.

Table 11 shows the way that the network access device handles guest VLANs for MAC authentication users.

Table 11 VLAN manipulation

| Authentication status | VLAN manipulation |
|---|---|
| A user in the MAC authentication guest VLAN fails MAC authentication for any reason other than server unreachable. | The user is still in the MAC authentication guest VLAN. |
| A user in the MAC authentication guest VLAN passes MAC authentication. | The device remaps the MAC address of the user to the authorization VLAN assigned by the authentication server. If no authorization VLAN is configured for the user on the authentication server, the device remaps the MAC address of the user to the PVID of the port. |

Critical VLAN

The MAC authentication critical VLAN on a port accommodates users that have failed MAC authentication because no RADIUS authentication servers are reachable. Users in a MAC authentication critical VLAN can access only network resources in the critical VLAN.

The critical VLAN feature takes effect when MAC authentication is performed only through RADIUS servers. If a MAC authentication user fails local authentication after RADIUS authentication, the user is not assigned to the critical VLAN. For more information about the authentication methods, see "Configuring AAA."

Table 12 shows the way that the network access device handles critical VLANs for MAC authentication users.

Table 12 VLAN manipulation

| Authentication status | VLAN manipulation |
|---|---|
| A user fails MAC authentication because all the RADIUS servers are unreachable. | The device maps the MAC address of the user to the MAC authentication critical VLAN. The user is still in the MAC authentication critical VLAN if the user fails MAC reauthentication because all the RADIUS servers are unreachable. If no MAC authentication critical VLAN is configured, the device maps the MAC address of the user to the PVID of the port. |
| A user in the MAC authentication critical VLAN fails MAC authentication for any reason other than server unreachable. | If a guest VLAN has been configured, the device maps the MAC address of the user to the guest VLAN. If no guest VLAN is configured, the device maps the MAC address of the user to the PVID of the port. |
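
The rows of Table 11 and Table 12 chain together as a user's authentication outcome changes over time. The following is an added example, not code from HPE or from this manual: a small Python model that replays a sequence of outcomes for one MAC address and returns the VLAN after each. The names `Port`, `next_vlan`, `replay` and `NotOnPage` are hypothetical, the VLAN IDs are constructed, Table 12's first row is applied only to users not already in the guest VLAN (an assumption), and any case the two tables do not state raises `NotOnPage`.

```python
from dataclasses import dataclass
from typing import Optional

PASS, FAIL, UNREACHABLE = "pass", "fail", "unreachable"

class NotOnPage(Exception):
    """Neither table states an outcome for this case."""

@dataclass(frozen=True)
class Port:
    pvid: int
    guest_vlan: Optional[int] = None     # MAC authentication guest VLAN
    critical_vlan: Optional[int] = None  # MAC authentication critical VLAN

def next_vlan(port, current, outcome, authz_vlan=None):
    """VLAN the user's MAC maps to after one attempt; current is None for a new user."""
    in_guest = current is not None and current == port.guest_vlan
    in_critical = current is not None and current == port.critical_vlan
    if outcome == UNREACHABLE and not in_guest:
        # Table 12, row 1: critical VLAN, or the PVID if none is configured.
        return port.critical_vlan if port.critical_vlan is not None else port.pvid
    if outcome == FAIL and in_guest:
        return current  # Table 11, row 1: the user stays in the guest VLAN.
    if outcome == FAIL and in_critical:
        # Table 12, row 2: guest VLAN, or the PVID if none is configured.
        return port.guest_vlan if port.guest_vlan is not None else port.pvid
    if outcome == FAIL and port.guest_vlan is not None:
        return port.guest_vlan  # Guest VLAN text: failed users are placed here.
    if outcome == PASS and in_guest:
        # Table 11, row 2: authorization VLAN, or the PVID if none is assigned.
        return authz_vlan if authz_vlan is not None else port.pvid
    raise NotOnPage(f"outcome={outcome!r} with current VLAN {current!r}")

def replay(port, events):
    """Apply (outcome, authz_vlan) events in order; return the VLAN after each."""
    vlan, trace = None, []
    for outcome, authz_vlan in events:
        vlan = next_vlan(port, vlan, outcome, authz_vlan)
        trace.append(vlan)
    return trace

# Constructed sample: PVID 1, guest VLAN 20, critical VLAN 30, authorization VLAN 100.
PORT = Port(pvid=1, guest_vlan=20, critical_vlan=30)
EVENTS = [(UNREACHABLE, None), (UNREACHABLE, None), (FAIL, None), (FAIL, None), (PASS, 100)]

if __name__ == "__main__":
    print(replay(PORT, EVENTS))  # [30, 30, 20, 20, 100]
```

Replaying the same events against a `Port` with no guest or critical VLAN set shows which outcomes fall back to the PVID.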