•
If 802.1X authentication fails, the MAC authentication result takes effect.
•
If 802.1X authentication succeeds, the device handles the port and the MAC address based on
the 802.1X authentication result.
Configuration restrictions and guidelines
When you enable parallel processing of MAC authentication and 802.1X authentication on a port,
follow these restrictions and guidelines:
•
Make sure the port meets the following requirements:
The port is configured with both 802.1X authentication and MAC authentication and
performs MAC-based access control for 802.1X authentication.
The port is enabled with the 802.1X unicast trigger.
•
For the port to perform MAC authentication before it is assigned to the 802.1X guest VLAN,
enable new MAC-triggered 802.1X guest VLAN assignment delay.
For information about new MAC-triggered 802.1X guest VLAN assignment delay, see
"Configuring
•
For the parallel processing feature to work correctly, do not enable MAC authentication delay on
the port. This operation will delay MAC authentication after 802.1X authentication is triggered.
•
To configure both 802.1X authentication and MAC authentication on the port, use one of the
following methods:
Enable the 802.1X and MAC authentication features separately on the port.
Enable port security on the port. The port security mode must be userlogin-secure-or-mac
or userlogin-secure-or-mac-ext.
For information about port security mode configuration, see
Configuration procedure
To enable parallel processing of MAC authentication and 802.1X authentication on a port:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Enable parallel
processing of MAC
authentication and
802.1X authentication on
the port.
Displaying and maintaining MAC authentication
Execute display commands in any view and reset commands in user view.
Task
Display MAC authentication information.
802.1X."
Command
system-view
interface interface-type
interface-number
mac-authentication
parallel-with-dot1x
Remarks
N/A
N/A
By default, this feature is disabled.
Command
display mac-authentication [ interface interface-type
interface-number ]
126
"Configuring port
security."