|| Rate this content|
HP 5500/5800/7500 Switch Series - How to Make dot1x and mac Authentication Enable on the Port with Guest vlan Feature
For a secured wired-access, the dot1x authentication is used to authenticate the normal PC based on the domain user name. While the mac authentication is used to authenticate the phone/printer or other non-dot1x client based on their mac address.
To provide further flexibility, user would like to have both dot1x authentication and mac authentication enable on the same time. Therefore if a dot1x capable device connects to the port, dot1x authentication occurs. If a non-dot1x device connects to the port, without receiving any EAP response, the switch will use the connected mac-address to authenticate the device.
This document is to explain:
To enable dot1x authentication and mac authentication on the switch port at the same time, port security must be enabled, instead of using dot1x or mac-authentication. Also the port security mode needs to be user login-secure-or-mac. To enable the guest vlan for dot1x and mac authentication, the switch port need to be hybrid mode instead of access mode, with mac-vlan enable.
A successful example is provided as below:
The guest vlan of mac authentication and dot1x authentication can be the same or different.