3com WX3000 User Manual

 

1-4 

Complete the following tasks to configure MAC address authentication enhanced function: 

Optional 

Configuring the Maximum Number of MAC Address 
Authentication Users Allowed to Access a Port 

Optional 

 

 

Different from Guest VLANs described in the 802.1x and System-Guard manual, Guest VLANs 

mentioned in this section refer to Guests VLANs dedicated to MAC address authentication.  

 

After completing configuration tasks in 

 for the device, 

the device can authenticate access users according to their MAC addresses or according to fixed 

usernames and passwords. The device will not learn MAC addresses of the clients failing in the 

authentication into its local MAC address table, thus prevent illegal users from accessing the network.  

In some cases, if the clients failing in the authentication are required to access some restricted 

resources in the network (such as the virus library update server), you can use the Guest VLAN.  

You can configure a Guest VLAN for each port of the device. When a client connected to a port fails in 

MAC address authentication, this port will be added into the Guest VLAN automatically. The MAC 

address of this client will also be learned into the MAC address table of the Guest VLAN, and thus the 

user can access the network resources of the Guest VLAN.  

After a port is added to a Guest VLAN, the device will re-authenticate the first access user of this port 

(namely, the first user whose unicast MAC address is learned by the device) periodically. If this user 

passes the re-authentication, this port will exit the Guest VLAN, and thus the user can access the 

network normally.