Web and MAC Authentication

Operating Rules and Notes

Operating Rules and Notes

The switch supports concurrent 802.1X , Web and MAC authentication operation on a port (with up to 2 clients allowed). However, concur- rent operation of Web and MAC authentication with other types of authentication on the same port is not supported. That is, the following authentication types are mutually exclusive on a given port:

Web and/or MAC Authentication (with or without 802.1X)

MAC lockdown

MAC lockout

Port-Security

Order of Precedence for Port Access Management (highest to lowest):

a.MAC lockout

b.MAC lockdown or Port Security

c.Port-based Access Control (802.1X) or Web Authentication or MAC Authentication

Port Access

When configuring a port for Web or MAC Authentication, be sure that a higher

Management

precedent port access management feature is not enabled on the port. For

 

example, be sure that Port Security is disabled on a port before configuring

 

the port for Web or MAC Authentication. If Port Security is enabled on the

 

port this misconfiguration does not allow Web or MAC Authentication to

 

occur.

 

VLANs: If your LAN does not use multiple VLANs, then you do not

 

 

need to configure VLAN assignments in your RADIUS server or

 

consider using either Authorized or Unauthorized VLANs. If your LAN

 

does use multiple VLANs, then some of the following factors may

 

apply to your use of Web-Auth and MAC-Auth.

 

Web-Auth and MAC-Auth operate only with port-based VLANs. Oper-

 

ation with protocol VLANs is not supported, and clients do not have

 

access to protocol VLANs during Web-Auth and MAC-Auth sessions.

 

• A port can belong to one, untagged VLAN during any client session.

 

Where multiple authenticated clients may simultaneously use the

 

same port, they must all be capable of operating on the same VLAN.

 

• During an authenticated client session, the following hierarchy deter-

 

mines a port’s VLAN membership:

3-12