Centralized MAC Address Authentication Configuration 269
user name and password. The authentication to the user initiates after the Switch
detects the user’s MAC address for the first time.
The Switch 5500G-EI supports local and RADIUS MAC address authentication.
When it functions as the RADIUS client and works with the RADIUS server to finish
the MAC address authentication, it sends the detected user MAC address used as
the user name and password to the RADIUS server and the rest processing is the
same to 802.1x. After passing the authentication conducted by the RADIUS server,
the user then can access the network.
Centralized MAC
Address Authentication
Configuration
Centralized MAC address authentication configuration includes:
■ Enabling MAC address authentication both globally and on the port
■ Configuring domain name used by the MAC address authentication user
■ Configuring centralized MAC address authentication timers
CAUTION: Note the following two items in local authentication:
The MAC address which is used as local user name and password must be in the
"HHH" format and exclude hyphens.
The service type of local user must be set to lan-access.
Enabling MAC Address
Authentication Both
Globally and On the Port
You can use the following commands to enable/disable the centralized MAC
address authentication on the specified port; if you do not specify the port, the
feature is enabled globally.
Perform the following configuration in System View or Ethernet Port View.
Tab le 296 Enabling/Disabling Centralized MAC Address Authentication
You can configure the centralized MAC address authentication status on the ports
first. However, the configuration does not function on each port until the feature
has been enabled globally.
CAUTION: Centralized MAC address authentication and 802.1x cannot be used
on the same port together.
By default, the centralized MAC address authentication feature is disabled both on
each port and globally.
Configuring Domain
Name Used by the MAC
Address Authentication
User
You can use the following commands to configure the ISP domain used by the
centralized MAC address authentication user.
Perform the following configuration in System View.
Operation Command
Enable centralized MAC address
authentication
mac-authentication [ interface
interface_list
]
Disable centralized MAC address
authentication
undo mac-authentication [ interface
interface_list
]
To Next Page