Critical Vlan; Configuration Task List; Basic Configuration For Mac Authentication - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
If a user in the guest VLAN passes MAC authentication, that user is removed from the guest VLAN and
can access all authorized network resources. If not, the user is still in the MAC authentication guest
VLAN.
A hybrid port is always assigned to a guest VLAN as an untagged member. After the assignment, do not
re-configure the port as a tagged member in the VLAN.
Critical VLAN
You can configure a MAC authentication critical VLAN on a port to accommodate users that fail MAC
authentication because no RADIUS authentication server is reachable. Users in a MAC authentication
critical VLAN can access a limit set of network resources depending on your configuration.
The critical VLAN feature takes effect when MAC authentication is performed only through RADIUS
servers. If a MAC authentication user fails local authentication after RADIUS authentication, the user is
not assigned to the critical VLAN. For more information about RADIUS configuration, see
AAA."
Any of the following RADIUS authentication server changes in the ISP domain for MAC authentication
users on a port can cause users to be removed from the critical VLAN:
An authentication server is added to the ISP domain and the server is reachable.
•
A response from a RADIUS authentication server is received.
•
The RADIUS server probing function detects that a RADIUS authentication server is reachable.
•
Configuration task list
Task
Basic configuration for MAC
•
Configuring MAC authentication globally
•
Configuring MAC authentication on a port
Specifying a MAC authentication domain
Configuring a MAC authentication guest VLAN
Configuring a MAC authentication critical VLAN
Configuring MAC authentication delay
Enabling MAC authentication multi-VLAN mode
Basic configuration for MAC authentication
Create and configure an authentication domain, also called "an ISP domain."
•
For local authentication, create local user accounts, and specify the lan-access service for the
•
accounts.
•
For RADIUS authentication, check that the device and the RADIUS server can reach each other, and
create user accounts on the RADIUS server.
If you are using MAC-based accounts, make sure that the username and password for each account is
the same as the MAC address of the MAC authentication users.
authentication:
106
"Configuring
Remarks
Required
Optional
Optional
Optional
Optional
Optional
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
