Configuration prerequisites ········································································································································· 106

Configuring a free IP ··················································································································································· 106

Configuring the redirect URL ······································································································································· 107

Setting the EAD rule timer ··········································································································································· 107

Displaying and maintaining EAD fast deployment ··································································································· 107

EAD fast deployment configuration example ············································································································ 108

Network requirements ········································································································································· 108

Configuration procedure ···································································································································· 108

Verifying the configuration ································································································································· 109

Troubleshooting EAD fast deployment ······················································································································· 110

Web browser users cannot be correctly redirected ································································································· 110

Configuring MAC authentication ··························································································································· 111

Overview ······································································································································································· 111

User account policies ·········································································································································· 111

Authentication approaches ································································································································ 111

MAC authentication timers ································································································································· 112

Using MAC authentication with other features ········································································································· 112

VLAN assignment ················································································································································ 112

ACL assignment ··················································································································································· 112

Guest VLAN ························································································································································· 112

Critical VLAN ······················································································································································· 113

Configuration task list ·················································································································································· 113

Basic configuration for MAC authentication ············································································································· 113

Configuring MAC authentication globally ········································································································ 114

Configuring MAC authentication on a port ····································································································· 114

Specifying a MAC authentication domain ················································································································ 115

Configuring a MAC authentication guest VLAN ······································································································ 115

Configuring a MAC authentication critical VLAN ···································································································· 116

Configuring MAC authentication delay ····················································································································· 117

Displaying and maintaining MAC authentication ···································································································· 117

MAC authentication configuration examples ············································································································ 118

Local MAC authentication configuration example··························································································· 118

RADIUS-based MAC authentication configuration example··········································································· 119

ACL assignment configuration example············································································································ 121

Configuring portal authentication ·························································································································· 124

Extended portal functions ··································································································································· 124

Portal system components ··································································································································· 124

Portal authentication modes ······························································································································· 126

Portal support for EAP ········································································································································· 127

Layer 3 portal authentication process ··············································································································· 127

Portal authentication across VPNs ····················································································································· 131

Specifying the portal server ········································································································································ 133

Enabling portal authentication ···································································································································· 133

Controlling access of portal users ······························································································································ 134

Configuring a portal-free rule····························································································································· 134

Configuring an authentication source subnet ··································································································· 135

Setting the maximum number of online portal users ························································································ 135

Specifying a portal authentication domain ······································································································ 136

Configuring RADIUS related attributes ······················································································································ 136

Specifying NAS-Port-Type for an interface ······································································································· 136

iii