•
If 802.1X authentication succeeds, the device handles the port and the MAC address based on
the 802.1X authentication result.
Configuration restrictions and guidelines
When you enable parallel processing of MAC authentication and 802.1X authentication on a port,
follow these restrictions and guidelines:
•
Make sure the port meets the following requirements:
The port is configured with both 802.1X authentication and MAC authentication and
performs MAC-based access control for 802.1X authentication.
The port is enabled with the 802.1X unicast trigger.
•
For the port to perform MAC authentication before it is assigned to the 802.1X guest VLAN,
enable new MAC-triggered 802.1X guest VLAN assignment delay.
For information about new MAC-triggered 802.1X guest VLAN assignment delay, see
"Configuring
•
For the port to perform MAC authentication before it is assigned to the 802.1X guest VSI,
enable new MAC-triggered 802.1X guest VSI assignment delay.
For information about new MAC-triggered 802.1X guest VSI assignment delay, see
"Configuring
•
For the parallel processing feature to work correctly, do not enable MAC authentication delay on
the port. This operation will delay MAC authentication after 802.1X authentication is triggered.
•
To configure both 802.1X authentication and MAC authentication on the port, use one of the
following methods:
Enable the 802.1X and MAC authentication features separately on the port.
Enable port security on the port. The port security mode must be userlogin-secure-or-mac
or userlogin-secure-or-mac-ext.
For information about port security mode configuration, see
Configuration procedure
To enable parallel processing of MAC authentication and 802.1X authentication on a port:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Enable parallel
processing of MAC
authentication and
802.1X authentication on
the port.
Configuring a MAC authentication guest VLAN
Configuration prerequisites
You must configure the MAC authentication guest VLAN on a hybrid port. Before you configure the
MAC authentication guest VLAN on a hybrid port, complete the following tasks:
802.1X."
802.1X."
Command
system-view
interface interface-type
interface-number
mac-authentication
parallel-with-dot1x
Remarks
N/A
N/A
By default, this feature is disabled.
149
"Configuring port
security."