Mac-Authentication Guest-Vlan - HP 3600 v2 Series Command Reference Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
The global authentication domain is applicable to all MAC authentication enabled ports. A port specific
authentication domain is applicable only to the port. You can specify different authentication domains on
different ports.
A port chooses an authentication domain for MAC authentication users in this order: port specific
domain, global domain, and the default authentication domain.
Related commands: display mac-authentication.
Examples
# Specify the domain1 domain as the global authentication domain for MAC authentication users.
<Sysname> system-view
[Sysname] mac-authentication domain domain1
# Specify the aabbcc domain as the authentication domain for MAC authentication users on port
Ethernet 1/0/1.
[Sysname] interface ethernet 1/0/1
[Sysname-Ethernet1/0/1] mac-authentication domain aabbcc
mac-authentication guest-vlan
Syntax
mac-authentication guest-vlan guest-vlan-id
undo mac-authentication guest-vlan
View
Ethernet interface view
Default level
2: System level
Parameters
guest-vlan-id: Specifies a VLAN as the MAC authentication guest VLAN. The value range is from 1 to
4094. Make sure that the VLAN has been created and is not a super VLAN. For more information about
super VLANs, see Layer 2
Description
Use the mac-authentication guest-vlan command to specify a MAC authentication guest VLAN on a port.
Any users that have failed MAC authentication on the port is assigned to this VLAN, so they can access
a limited set of network resources, such as a software server, to download anti-virus software, and system
patches. After a user in the guest VLAN passes MAC authentication, it is removed from the guest VLAN
and can access all authorized network resources.
Use the undo mac-authentication guest-vlan command to remove the MAC authentication guest VLAN
from the port.
By default, no MAC authentication guest VLAN is configured on a port.
To use the MAC authentication guest VLAN function on a port, you must enable MAC-based VLAN on
the port, in addition to enabling MAC authentication both globally and on the port.
To delete a VLAN that has been set as a MAC authentication guest VLAN, remove the guest VLAN
configuration first.
LAN Switching Configuration Guide.
—
128
- Quick Links:
- Local User Configuration Commands
Hide quick links:
Advertisement
Table of Contents
