Configuration restrictions and guidelines

When you enable parallel processing of MAC authentication and 802.1X authentication on a port, follow these restrictions and guidelines:

• Make sure the port meets the following requirements:

  • The port is configured with both 802.1X authentication and MAC authentication and performs MAC-based access control for 802.1X authentication.

  • The port is enabled with the 802.1X unicast trigger.

• For the port to perform MAC authentication before it is assigned to the 802.1X guest VLAN, enable new MAC-triggered 802.1X guest VLAN assignment delay.

  For information about new MAC-triggered 802.1X guest VLAN assignment delay, see "Configuring 802.1X."

• For the parallel processing feature to work correctly, do not enable MAC authentication delay on the port. This operation will delay MAC authentication after 802.1X authentication is triggered.

• To configure both 802.1X authentication and MAC authentication on the port, use one of the following methods:

  • Enable the 802.1X and MAC authentication features separately on the port.

  • Enable port security on the port. The port security mode must be userlogin-secure-or-mac or userlogin-secure-or-mac-ext.

    For information about port security mode configuration, see "Configuring port security."