Ignoring The Authorization Information From The Radius Server - 3Com 4210 9-Port Configuration Manual
Switch 4210 family
Hide thumbs
Also See for 4210 9-Port:
- Configuration manual (567 pages) ,
- Getting started (80 pages) ,
- Datasheet (8 pages)
Table of Contents
Advertisement
To do...
Enter system view
Set the interval at which the
switch triggers MAC address
authentication after a port is
added to the guest VLAN
Enter Ethernet port view
Set the security mode to
macAddressOrUserLoginSe
cure
Specify a VLAN as the guest
VLAN of the port
Note that:
Only an existing VLAN can be specified as a guest VLAN. Make sure the guest VLAN of a port
contain the resources that the users need.
If one user of the port has passed or is undergoing authentication, you cannot specify a guest
VLAN for it.
When a user using a port with a guest VLAN specified fail the authentication, the port is added to
the guest VLAN.
Multiple users may connect to one port in the macAddressOrUserLoginSecure mode for
authentication; however, after a guest VLAN is specified for the port, only one user can pass the
security authentication. In this case, the authentication client software of the other 802.1x users
displays messages about the failure; MAC address authentication does not have any client
software and therefore no such messages will be displayed.
To change the security mode from macAddressOrUserLoginSecure mode of a port that is
assigned to a guest VLAN, execute the undo port-security guest-vlan command first to remove
the guest VLAN configuration.
For a port configured with both the port-security guest-vlan and port-security intrusion-mode
disableport commands, when authentication of a user fails, only the intrusion detection feature is
triggered. The port is not added to the specified guest VLAN.
It is not recommended to configure the port-security guest-vlan and port-security
intrusion-mode blockmac commands simultaneously for a port. Because when the
authentication of a user fails, the blocking MAC address feature will be triggered and packets of the
user will be dropped, making the user unable to access the guest VLAN.
Ignoring the Authorization Information from the RADIUS Server
After an 802.1x user or MAC-authenticated user passes Remote Authentication Dial-In User Service
(RADIUS) authentication, the RADIUS server delivers the authorization information to the device. You
can configure a port to ignore the authorization information from the RADIUS server.
Follow these steps to configure a port to ignore the authorization information from the RADIUS server:
To do...
Enter system view
Use the command...
system-view
port-security timer
guest-vlan-reauth interval
interface interface-type
interface-number
port-security port-mode
userlogin-secure-or-mac
port-security guest-vlan vlan-id
Use the command...
system-view
1-9
Remarks
—
Optional
—
Required
Required
Remarks
—
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
Need help?
Do you have a question about the 4210 9-Port and is the answer not in the manual?
Questions and answers