Section, Configuring the maximum – H3C Technologies H3C S3100 Series Switches User Manual
Page 461
1-6
z
The Auth-Fail VLAN for MAC authentication takes precedence over the guest VLAN for MAC
authentication. When both of them are configured on a user access port and they are different
VLANs, a user failing MAC authentication on the port will be added to the Auth-Fail VLAN, that is,
the user is authorized to access resources in the Auth-Fail VLAN.
z
The undo vlan command cannot be used to remove the VLAN configured as a guest VLAN. If you
want to remove this VLAN, you must remove the guest VLAN configuration for it first. Refer to the
VLAN module in this manual for the description on the undo vlan command.
z
Only one guest VLAN can be configured for a port, and the VLAN configured as the guest VLAN
must be an existing VLAN. Otherwise, the guest VLAN configuration does not take effect. If you
want to change the guest VLAN for a port, you must remove the current guest VLAN and then
configure a new guest VLAN for this port.
z
802.1x authentication cannot be enabled for a port configured with a MAC authentication guest
VLAN.
Configuring the Maximum Number of MAC Address Authentication Users Allowed to
Access a Port
You can configure the maximum number of MAC address authentication users for a port in order to
control the maximum number of users accessing a port. After the number of access users has
exceeded the configured maximum number, the switch will not trigger MAC address authentication for
subsequent access users, and thus these subsequent access users cannot access the network
normally.
Table 1-4 Configure the maximum number of MAC address authentication users allowed to access a
port
Operation
Command
Description
Enter system view
system-view
—
Enter Ethernet port view
interface interface-type
interface-number
—
Configure the maximum
number of MAC address
authentication users allowed
to access a port
mac-authentication
max-auth-num user-number
Required
By default, the maximum number
of MAC address authentication
users allowed to access a port is
256.