Item Description
• The periodic online user re-authentication timer can also be set by the
  authentication server in the session-timeout attribute. The
  server-assigned timer overrides the timer setting on the access
  device, and it enables periodic online user re-authentication, even if
  the function is not configured on the access device. Support for the
  server assignment of re-authentication timer and the re-authentication
  timer configuration on the server vary with servers.
• The VLAN assignment status must be consistent before and after
  re-authentication. If the authentication server has assigned a VLAN
  before re-authentication, it must also assign a VLAN at
  re-authentication. If the authentication server has assigned no VLAN
  before re-authentication, it must not assign one at re-authentication.
  Violation of either rule can cause the user to be logged off. The VLANs
  assigned to an online user before and after re-authentication can be
  the same or different.
Guest VLAN
Specify an existing VLAN as the guest VLAN.
For more information, see "Configuring an 802.1X guest VLAN."
Enable MAC VLAN
Specify whether to enable MAC-based VLAN.
Required when MAC Based is selected for Port Control.
NOTE: Only hybrid ports support the feature.
Auth-Fail VLAN
Specify an existing VLAN as the Auth-Fail VLAN to accommodate users
that have failed 802.1X authentication.
For more information, see "
Configuring an 802.1X guest VLAN
Configuration prerequisites
• Create the VLAN to be specified as the 802.1X guest VLAN.
• If the 802.1X-enabled port performs MAC-based access control, configure the port as a hybrid
  port, enable MAC-based VLAN on the port, and assign the port to the 802.1X guest VLAN as an
  untagged member.
Configuration guidelines
• The 802.1X guest VLANs on different ports can be different.
• Assign different IDs to the port VLAN and the 802.1X guest VLAN on a port, so the port can
  correctly process incoming VLAN tagged traffic.
• With 802.1X authentication, a hybrid port is always assigned to a VLAN as an untagged
  member. After the assignment, do not reconfigure the port as a tagged member in the VLAN.
• Use Table 99 when you configure multiple security features on a port.
Table 99 Relationships of the 802.1X guest VLAN and other security features

| Feature | Relationship description |
|---|---|
| MAC authentication guest VLAN on a port that performs MAC-based access control | Only the 802.1X guest VLAN takes effect. A user that fails MAC authentication will not be assigned to the MAC authentication guest VLAN. |
| 802.1X Auth-Fail VLAN on a port that performs MAC-based access control | The 802.1X Auth-Fail VLAN has a higher priority. |
| Port intrusion protection on a port that | The 802.1X guest VLAN function has higher priority than the block MAC action, but it has lower priority |
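
The guest VLAN prerequisites and guidelines above, together with the first row of Table 99, expressed as an audit over a port inventory. This is an added example, not code from the manual; the Port record, its field names and the sample ports are constructed assumptions, not device syntax.

```python
from dataclasses import dataclass, field
from typing import Optional
@dataclass
class Port:  # hypothetical inventory record; field names are assumptions
    name: str
    access_control: str                  # "mac-based" or "port-based"
    link_type: str                       # "access", "trunk" or "hybrid"
    pvid: int                            # port VLAN ID
    guest_vlan: Optional[int] = None     # 802.1X guest VLAN
    mac_vlan_enabled: bool = False
    untagged_vlans: set = field(default_factory=set)
    tagged_vlans: set = field(default_factory=set)
    mac_auth_guest_vlan: Optional[int] = None

def audit_guest_vlan(port, existing_vlans):
    """Return findings for one port; an empty list means no rule is violated."""
    findings, gv = [], port.guest_vlan
    if gv is None:                       # no 802.1X guest VLAN, nothing to check
        return findings
    if gv not in existing_vlans:         # prerequisite: the VLAN must be created first
        findings.append("guest VLAN does not exist")
    if gv == port.pvid:                  # guideline: port VLAN and guest VLAN IDs differ
        findings.append("guest VLAN ID equals port VLAN ID")
    if gv in port.tagged_vlans:          # guideline: membership must stay untagged
        findings.append("port is a tagged member of the guest VLAN")
    if port.access_control == "mac-based":
        if port.link_type != "hybrid":
            findings.append("MAC-based port is not a hybrid port")
        if not port.mac_vlan_enabled:
            findings.append("MAC-based VLAN is not enabled")
        if gv not in port.untagged_vlans:
            findings.append("port is not an untagged member of the guest VLAN")
        if port.mac_auth_guest_vlan is not None:   # Table 99, first row
            findings.append("MAC authentication guest VLAN will not take effect")
    return findings

# Constructed sample inventory (not taken from a real device).
VLANS = {1, 10, 20}
PORTS = [
    Port("GE1/0/1", "mac-based", "hybrid", 1, 10, True, {1, 10}),
    Port("GE1/0/2", "mac-based", "access", 10, 10, False, {10}, set(), 20),
    Port("GE1/0/3", "port-based", "access", 1, 30),
]

def audit_all():
    return {p.name: audit_guest_vlan(p, VLANS) for p in PORTS}

if __name__ == "__main__":
    print(audit_all())
```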