Configuration restrictions and guidelines
When you configure the MAC authentication guest VLAN on a port, follow these restrictions and guidelines:
The following table shows the relationships of the MAC authentication guest VLAN with other security features:
Feature
Relationship description
Reference
Quiet feature of MAC authentication
The MAC authentication guest VLAN feature has higher priority.
When a user fails MAC authentication, the user can access the resources in the guest VLAN. The user's MAC address is not marked as a silent MAC address.
Super VLAN
You cannot specify a VLAN as both a super VLAN and a MAC authentication guest VLAN.
See Layer 2—LAN Switching Configuration Guide.
Port intrusion protection
The guest VLAN feature has higher priority than the block MAC action but lower priority than the shutdown port action of the port intrusion protection feature.
See "Configuring port security."
The following matrix shows the location restrictions for the interface configured with MAC authentication guest VLAN and the interface connected to the external network on an eIRF system:
Location of the interface configured with MAC authentication guest VLAN
Location restrictions of the interface connected to the external network
A PEX
The interface cannot be on an interface module of the parent fabric or on other PEXs.
An interface module on the parent fabric
The interface cannot be on PEXs.
For more information about eIRF, see Virtual Technologies Configuration Guide.