Centralized MAC Address Authentication Configuration 271
Tab le 300 Auto VLAN
Before the VLAN is correctly received by the Switch 5500G-EI, you need to execute
the following command on the Switch 5500G-EI to use standard private-group-ID:
[5500-xx]private-group-id mode standard
Configuration Example
of Centralized MAC
Address Authentication
How to enable centralized MAC address authentication both on a port and
globally, and how to configure a local user are shown as follows. For other
configurations, see
“802.1x Configuration Example”.
The configurations of centralized MAC address authentication is similar to 802.1x,
their differences are:
1) Enabling centralized MAC address authentication both globally and on a port.
2) User name and password of the local authentication must be configured to the
MAC address of the user.
3) User name and password on the RADIUS server must be configured to the MAC
address of the user.
The following example shows how to enabling centralized MAC address
authentication both on a port and globally, and the way of configuring local user
are shown as follows. For other configurations, see
1 Enable centralized MAC address authentication on port Ethernet 1/0/2.
[SW5500]mac-authentication interface Ethernet 1/0/2
2 Add local access user.
a Set the user name and password.
[SW5500]local-user 00e0fc010101
[SW5500-luser-00e0fc010101]password simple 00e0fc010101
b Set the service type of the user to lan-access.
[SW5500-luser-00e0fc010101]service-type lan-access
3 Enable the MAC address authentication globally.
[SW5500]mac-authentication
4 Configure the ISP domain used by the user.
[SW5500]mac-authentication domain 3com163.net
For the configuration of the domain 3com163.net, see “802.1x Configuration
Example” on page 266.
Auto VLAN Return String Comment
Tunnel-Medium-type 802
Tunnel-Private-Group-ID 2 VLAN value
Tunnel-Type VLAN
To Next Page