1-4MAC Address Authentication Enhanced Function ConfigurationMAC Address Authentication Enhanced Function Configuration TasksComplete the following tasks to configure MAC address authentication enhanced function:Task RemarksConfiguring a Guest VLAN OptionalConfiguring the Maximum Number of MAC AddressAuthentication Users Allowed to Access a Port OptionalConfiguring a Guest VLANDifferent from Guest VLANs described in the 802.1x and System-Guard manual, Guest VLANsmentioned in this section refer to Guests VLANs dedicated to MAC address authentication.After completing configuration tasks in Configuring Basic MAC Authentication Functions for the device,the device can authenticate access users according to their MAC addresses or according to fixedusernames and passwords. The device will not learn MAC addresses of the clients failing in theauthentication into its local MAC address table, thus prevent illegal users from accessing the network.In some cases, if the clients failing in the authentication are required to access some restrictedresources in the network (such as the virus library update server), you can use the Guest VLAN.You can configure a Guest VLAN for each port of the device. When a client connected to a port fails inMAC address authentication, this port will be added into the Guest VLAN automatically. The MACaddress of this client will also be learned into the MAC address table of the Guest VLAN, and thus theuser can access the network resources of the Guest VLAN.After a port is added to a Guest VLAN, the device will re-authenticate the first access user of this port(namely, the first user whose unicast MAC address is learned by the device) periodically. If this userpasses the re-authentication, this port will exit the Guest VLAN, and thus the user can access thenetwork normally.
