• Specify a global authentication domain in system view. This domain setting applies to all ports.
• Specify an authentication domain for an individual port in Ethernet interface view.
MAC authentication chooses an authentication domain for users on a port in this order: the
interface-specific domain, the global domain, and the default domain. For more information about
authentication domains, see the chapter “AAA configuration.”
Follow these steps to specify an authentication domain for MAC authentication users:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify an authentication domain for MAC authentication users | In system view: mac-authentication domain domain-name | Required. Use either approach. By default, the system default authentication domain is used for MAC authentication users. |
| | In Ethernet interface view: interface interface-type interface-number, then mac-authentication domain domain-name | |
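The selection order described above (interface-specific domain, then global domain, then default domain) can be checked against a saved configuration to see which domain each port actually uses. The script below is an added example, not part of the original manual. The sample configuration text, the interface and domain names, the "#" block separators, and the default domain name "system" passed by the caller are assumptions made for illustration.

```python
import re

# Constructed sample in the style of a saved configuration. Interface names,
# domain names and the "#" block separators are assumptions for illustration.
SAMPLE_CONFIG = """\
#
 mac-authentication domain corp
#
interface GigabitEthernet1/0/1
 mac-authentication domain lab
#
interface GigabitEthernet1/0/2
 mac-authentication guest-vlan 100
#
interface GigabitEthernet1/0/3
#
"""

DOMAIN_RE = re.compile(r"^mac-authentication domain (\S+)$")
IFACE_RE = re.compile(r"^interface (.+)$")


def effective_domains(config_text, default_domain):
    """Return {port: (domain, source)} using the order interface > global > default."""
    global_domain = None
    port_domain = {}   # port -> interface-specific domain, or None if not set
    current = None     # interface block being read; None means system view
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#" or not line:
            current = None          # a separator ends the current interface block
            continue
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            port_domain[current] = None
            continue
        m = DOMAIN_RE.match(line)
        if m and current is None:
            global_domain = m.group(1)
        elif m:
            port_domain[current] = m.group(1)
    # Ports without their own domain fall back to the global, then the default domain.
    fallback = (global_domain, "global") if global_domain else (default_domain, "default")
    return {port: ((dom, "interface") if dom else fallback)
            for port, dom in port_domain.items()}


if __name__ == "__main__":
    for port, (dom, src) in effective_domains(SAMPLE_CONFIG, "system").items():
        print(f"{port}: {dom} ({src})")
```

Ports reported with source "global" or "default" are the ones to review when a port is expected to authenticate against a dedicated domain.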
Configuring a MAC authentication guest VLAN
Configuration prerequisites
Before you configure a MAC authentication guest VLAN on a port, complete the following tasks:
• Enable MAC authentication.
• Enable MAC-based VLAN on the port.
• Create the VLAN to be specified as the MAC authentication guest VLAN.
Configuration procedure
Follow these steps to configure a MAC authentication guest VLAN:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter Ethernet interface view | interface interface-type interface-number | — |
| Specify a MAC authentication guest VLAN | mac-authentication guest-vlan guest-vlan-id | Required. By default, no MAC authentication guest VLAN is configured. You can configure only one MAC authentication guest VLAN on a port. |
Follow the guidelines in Table 8 when configuring a MAC authentication guest VLAN on a port.