Manualsbrain.com
  1. Manuales
  2. Marcas
  3. 3com
  4. S7906E
  5. Instruccion De Instalación

3com S7906E Instruccion De Instalación

Descargar
Página de 2621
 
1-12 
If a user of a port in the guest VLAN initiates authentication process but fails the authentication, the 
device will add the user to the Auth-Fail VLAN of the port configured for the port, if any. If no Auth-Fail 
VLAN is configured, the device will keep the user in the guest VLAN.  
If a user of a port in the guest VLAN initiates authentication and passes the authentication, the device 
will add the user to the assigned VLAN or return the user to the initial VLAN of the port, depending on 
whether the authentication server assigns a VLAN. 
Auth-Fail VLAN 
The Auth-Fail VLAN feature allows users failing authentication to access a specified VLAN, which is 
called the Auth-Fail VLAN. Note that failing authentication means being denied by the authentication 
server due to reasons such as wrong password. Authentication failures caused by authentication 
timeout or network connection problems do not fall into this category. 
Similar to a guest VLAN, an Auth-Fail VLAN can be a port-based Auth-Fail VLAN (PAFV) or a 
MAC-based Auth-Fail VLAN (MAFV), depending on the port access control method. 
1) PAFV 
PAFV refers to the Auth-Fail VLAN configured on a port that uses the port-based access control method. 
With PAFV configured on a port, if a user on the port fails authentication, the port will be added to the 
Auth-Fail VLAN and all users accessing the port will be authorized to access the resources in the 
Auth-Fail VLAN. The device adds a PAFV-configured port into the Auth-Fail VLAN according to the 
port’s link type in the similar way as described in 
.  
If a user of a port in the Auth-Fail VLAN initiates authentication but fails the authentication, the port stays 
in the Auth-Fail VLAN. If the user passes the authentication successfully, the port leaves the Auth-Fail 
VLAN, and: 
If the authentication server assigns a VLAN, the port joins the assigned VLAN. After the user goes 
offline, the port returns to its initial VLAN, that is, the VLAN the port was in before it was added to 
any authorized VLAN. 
If the authentication server assigns no VLAN, the port returns to its initial VLAN. After the client 
goes offline, the port still stays in its initial VLAN. 
2) MAFV 
MAFV refers to the Auth-Fail VLAN configured on a port that uses the MAC-based access control 
method. With MAFV configured on a port, if a user on the port fails authentication, the user will be 
authorized to access the resources in the Auth-Fail VLAN. If the user initiates authentication again and 
passes the authentication, the device will add the user to the assigned VLAN or return the user to the 
initial VLAN of the port, depending on whether the authentication server assigns a VLAN. 
ACL assignment 
ACLs provide a way of controlling access to network resources and defining access rights. When a user 
logs in through a port, and the RADIUS server is configured with authorization ACLs, the device will 
permit or deny data flows traversing through the port according to the authorization ACLs. Before 
specifying authorization ACLs on the server, you need to configure the ACL rules on the device. You 
can change the access rights of users by modifying authorization ACL settings on the RADIUS server or 
changing the corresponding ACL rules on the device. 
Mandatory authentication domain for a specified port 
The mandatory authentication domain function provides a security control mechanism for 802.1X 
access. With a mandatory authentication domain specified for a port, the system uses the mandatory