Configuring Mac Authentication Delay - HP 3600 v2 Series Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
Table 11 Relationships of the MAC authentication critical VLAN with other security features
Feature
Quiet function of MAC
authentication
Super VLAN
Port intrusion protection
If MAC authentication clients in your network cannot trigger an immediate DHCP-assigned IP address
renewal in response to a VLAN change, the MAC authentication users cannot access authorized network
resources immediately after a MAC authentication is complete. As a solution, remind the MAC
authentication users to release their IP addresses or repair their network connections for a DHCP
reassignment after MAC authentication is complete.
Before you configure a MAC authentication critical VLAN on a port, complete the following tasks:
Enable MAC authentication.
•
Enable MAC-based VLAN on the port.
•
•
Create the VLAN to be specified as the MAC authentication critical VLAN.
To configure a MAC authentication critical VLAN:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
port view.
3.
Specify a MAC
authentication critical
VLAN.
Configuring MAC authentication delay
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay MAC
authentication, so that 802.1X authentication is preferentially triggered.
To configure MAC authentication delay:
Relationship description
The MAC authentication critical VLAN
function has higher priority.
When a user fails MAC authentication
because no RADIUS authentication server is
reachable, the user can access the resources
in the critical VLAN, and the user's MAC
address is not marked as a silent MAC
address.
You cannot specify a VLAN as both a super
VLAN and a MAC authentication critical
VLAN.
The MAC authentication critical VLAN
function has higher priority than the block
MAC action but lower priority than the
shutdown port action of the port intrusion
protection feature.
Command
system-view
interface interface-type
interface-number
mac-authentication critical vlan
critical-vlan-id
114
Reference
See
"MAC authentication
See Layer 2
LAN Switching
—
Configuration Guide
See
"Configuring port
security"
Remarks
N/A
N/A
By default, no MAC authentication
critical VLAN is configured.
You can configure only one MAC
authentication critical VLAN on a
port.
timers"
Advertisement
Table of Contents
Troubleshooting
