347
Item Description
the 802.1X guest VLAN on a port that performs MAC-based
access control. If a user fails both types of authentication, the
access port adds the user to the 802.1X guest VLAN. For more
information about 802.1X guest VLANs, see "
."
•
The MAC authentication Auth-Fail VLAN function has higher
priority than the quiet function of MAC authentication.
•
The MAC authentication Auth-Fail VLAN function has higher
priority than the block MAC action, but it has lower priority than
the shutdown port action of the port intrusion protection feature.
For more information about port intrusion protection, see
"
MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
As shown in
, configure local MAC authentication on port GigabitEthernet 1/0/1 to control
Internet access, as follows:
•
Configure all users to belong to the domain
aabbcc.net
, and specify local authentication for
users in the domain.
•
Use the MAC address of each user as the username and password for authentication, and
require that the MAC addresses is hyphenated and in lower case.
•
Configure the access device to detect whether a user has gone offline every 180 seconds.
When a user fails authentication, the device does not authenticate the user within 180 seconds.
Figure 373 Network diagram
Configuring a local user
# Add a local user. Set the username and password as
00-e0-fc-12-34-56
, the MAC address of the
user. Set the service type to LAN access. (Details not shown.)
Configuring AAA
1.
From the navigation tree, select
Authentication
>
AAA
.
2.
On the
Domain Setup
page, enter the domain name
aabbcc.net
and click
Apply
.
Summary of Contents for FlexNetwork NJ5000
Page 12: ...x Index 440 ...
Page 39: ...27 Figure 16 Configuration complete ...
Page 67: ...55 Figure 47 Displaying the speed settings of ports ...
Page 78: ...66 Figure 59 Loopback test result ...
Page 158: ...146 Figure 156 Creating a static MAC address entry ...
Page 183: ...171 Figure 171 Configuring MSTP globally on Switch D ...
Page 243: ...231 Figure 237 IPv6 active route table ...