authentication ipv6-control enable
Function
The authentication ipv6-control enable command enables network admission control for IPv6 users.
The undo authentication ipv6-control enable command disables network admission control for IPv6 users.
By default, the network admission control function is disabled for IPv6 users.
On the S5720-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S5730-HI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, or S6720-HI that functions as the parent in an SVF system, the configuration of this command does not take effect and is delivered to ASs.
Usage Guidelines
Usage Scenario
By default, after NAC authentication is enabled on the device, IPv6 users can access the network without being authenticated in some scenarios. To ensure security, access right control can be enabled for IPv6 users, so that IPv6 users can access the network after being authenticated.
Precautions
Product |
Authentication Mode |
Disable Network Admission Control for IPv6 Users (by Default) |
Enable Network Admission Control for IPv6 Users |
||||
|---|---|---|---|---|---|---|---|
Not Authenticated |
Pre-connected |
Authenticated |
Not Authenticated |
Pre-connected |
Authenticated |
||
S5720-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S5730-HI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, or S6720-HI |
802.1X authentication on Layer 2 Ethernet interfaces |
Not permitted |
Not permitted |
Permitted |
This command does not take effect. |
||
MAC address authentication on VLANIF interfaces |
Not permitted |
Not permitted |
Permitted |
||||
MAC address authentication on Layer 2 Ethernet interfaces |
Not permitted |
Not permitted |
Permitted |
||||
Layer 2 Portal authentication on VLANIF interfaces |
Not permitted |
Not permitted |
Permitted |
||||
Layer 2 Portal authentication on Layer 2 Ethernet interfaces |
Not permitted |
Not permitted |
Permitted |
||||
Layer 3 Portal authentication on VLANIF interfaces |
Not permitted |
Layer 3 Portal authentication does not support pre-connection. |
Not permitted |
||||
Layer 3 Portal authentication on Layer 3 Ethernet interfaces |
Not permitted |
Layer 3 Portal authentication does not support pre-connection. |
Not permitted |
||||
All the other switches except for the S5720-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S5730-HI, S5735-L, S5735S-L, S5735S-L-M, S5735-S, S5735S-S, S5735-S-I, or S6720-HI |
802.1X authentication on Layer 2 Ethernet interfaces |
Not permitted |
Permitted |
Permitted |
Not permitted |
Not permitted |
Permitted |
MAC address authentication on VLANIF interfaces |
Permitted |
Permitted |
Permitted |
Not permitted |
Not permitted |
Permitted |
|
MAC address authentication on Layer 2 Ethernet interfaces |
Not permitted |
Permitted |
Permitted |
Not permitted |
Not permitted |
Permitted |
|
Layer 2 Portal authentication on VLANIF interfaces |
Permitted |
Permitted |
Permitted |
Not permitted |
Not permitted |
Permitted |
|
Layer 2 Portal authentication on Layer 2 Ethernet interfaces |
Not permitted |
Permitted |
Permitted |
Not permitted |
Not permitted |
Permitted |
|
Layer 3 Portal authentication on VLANIF interfaces |
Permitted |
Layer 3 Portal authentication does not support pre-connection. |
Permitted |
Not permitted |
Layer 3 Portal authentication does not support pre-connection. |
Not permitted |
|
Layer 3 Portal authentication on Layer 3 Ethernet interfaces NOTE:
Only the S5720-EI, S6720-EI, and S6720S-EI support this authentication mode. |
Permitted |
Layer 3 Portal authentication does not support pre-connection. |
Permitted |
Not permitted |
Layer 3 Portal authentication does not support pre-connection. |
Not permitted |
|