User account policies ····························································································································· 114

Authentication methods ·························································································································· 114

VLAN assignment ·································································································································· 115

ACL assignment ····································································································································· 116

Redirect URL assignment ······················································································································ 117

Periodic MAC reauthentication ··············································································································· 117

Configuration prerequisites ···························································································································· 117

General guidelines and restrictions ················································································································ 117

Configuration task list ····································································································································· 118

Enabling MAC authentication ························································································································· 118

Specifying a MAC authentication domain ······································································································ 118

Configuring the user account format ·············································································································· 119

Setting MAC authentication timers ················································································································· 119

Enabling MAC authentication offline detection ······························································································ 120

Setting the maximum number of concurrent MAC authentication users on a port ········································· 120

Enabling MAC authentication multi-VLAN mode on a port ············································································ 120

Configuring MAC authentication delay ··········································································································· 121

Configuring a MAC authentication guest VLAN ····························································································· 121

Configuration prerequisites ···················································································································· 121

Configuration restrictions and guidelines ······························································································· 122

Configuration procedure ························································································································· 122

Configuring a MAC authentication critical VLAN ···························································································· 123

Enabling the MAC authentication critical voice VLAN ···················································································· 124

Configuration prerequisites ···················································································································· 124

Configuration procedure ························································································································· 124

Configuring the keep-online feature ··············································································································· 124

Including user IP addresses in MAC authentication requests ········································································ 125

Enabling parallel processing of MAC authentication and 802.1X authentication ··········································· 125

Configuration restrictions and guidelines ······························································································· 126

Configuration procedure ························································································································· 126

Displaying and maintaining MAC authentication ···························································································· 126

MAC authentication configuration examples ·································································································· 127

Local MAC authentication configuration example ·················································································· 127

RADIUS-based MAC authentication configuration example ·································································· 129

ACL assignment configuration example································································································· 131

Configuring portal authentication ································································ 134

Overview ························································································································································ 134

Extended portal functions ······················································································································· 134

Portal system components ····················································································································· 134

Interaction between portal system components ····················································································· 136

Portal authentication modes ··················································································································· 136

Portal support for EAP ··························································································································· 137

Portal authentication process ················································································································· 137

Portal configuration task list ··························································································································· 139

Configuring a portal authentication server ····································································································· 141

Configuring a portal Web server ···················································································································· 141

Enabling portal authentication on an interface ······························································································· 142

Configuration restrictions and guidelines ······························································································· 142

Configuration procedure ························································································································· 142

Specifying a portal Web server on an interface ····························································································· 143

Controlling portal user access ························································································································ 143

Configuring a portal-free rule ················································································································· 143

Configuring an authentication source subnet ························································································· 144

Configuring an authentication destination subnet ·················································································· 145

Setting the maximum number of portal users ························································································ 146

Specifying a portal authentication domain ····························································································· 146

Enabling outgoing packets filtering on a portal-enabled interface ·························································· 147

Configuring portal detection features ············································································································· 147

Configuring online detection of portal users ··························································································· 147

Configuring portal authentication server detection ················································································· 148

iii

Table of Contents