Specifying A Mac Authentication Domain; Configuring A Mac Authentication Guest Vlan - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can specify authentication domains for MAC authentication users
in the following ways:
Specify a global authentication domain in system view. This domain setting applies to all ports.
•
•
Specify an authentication domain for an individual port in Ethernet interface view.
MAC authentication chooses an authentication domain for users on a port in this order: the
interface-specific domain, the global domain, and the default domain. For more information about
authentication domains, see
To specify an authentication domain for MAC authentication users:
Step
1.
Enter system view.
2.
Specify an authentication
domain for MAC
authentication users.
Configuring a MAC authentication guest VLAN
Follow the guidelines in
Table 10 Relationships of the MAC authentication guest VLAN with other security features
Feature
Quiet function of MAC
authentication
Super VLAN
Port intrusion protection
802.1X guest VLAN on a
port that performs
MAC-based access
control
"Configuring
AAA."
Command
system-view
•
In system view:
mac-authentication domain
domain-name
•
In interface view:
a.
interface interface-type
interface-number
b.
mac-authentication domain
domain-name
Table 10
when configuring a MAC authentication guest VLAN on a port.
Relationship description
The MAC authentication guest VLAN
function has higher priority. A user can
access any resources in the guest VLAN.
You cannot specify a VLAN as both a super
VLAN and a MAC authentication guest
VLAN.
The MAC authentication guest VLAN
function has higher priority than the block
MAC action but lower priority than the
shutdown port action of the port intrusion
protection feature.
The MAC authentication guest VLAN has a
lower priority.
108
Remarks
N/A
Use either method.
By default, the system default
authentication domain is used for
MAC authentication users.
Reference
See
"MAC authentication
See Layer 2
LAN Switching
—
Configuration Guide
See
"Configuring port
security"
See
"Configuring
802.1X"
timers"
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
