99
Enable MAC authentication
globally
Required
Disabled by default
Configure MAC
authentication timers
mac-authentication timer { offline-
detect offline-detect-value | quiet quiet-
value | server-timeout server-timeout-
value }
Optional
By default, the offline detect timer
is 300 seconds, the quiet timer is
60 seconds, and the server
timeout timer is 100 seconds.
Configure the properties of
MAC authentication user
accounts
mac-authentication user-name-format
{ fixed [ account name ] [ password {
cipher | simple } password ] | mac-
address [ { with-hyphen | without-
hyphen } [ lowercase | uppercase ] ] }
Optional
By default, the username and
password for a MAC
authentication user account must
be a MAC address in lower case,
and the MAC address is hyphen
separated.
Configuring MAC authentication on a port
Follow these steps to configure MAC authentication on a port:
Enable MAC
authentication for
specified ports
mac-authentication interface
interface-list
Required
Use either approach.
Disabled by default
In Layer 2 Ethernet
interface view
interface interface-type
interface-number
Set the maximum number of concurrent MAC
authentication users allowed on a port
mac-authentication max-user
user-number
NOTE:
You cannot enable MAC authentication on a link aggregation member port. If MAC authentication is
enabled on a port, you cannot assign it to a link aggregation.
Specifying an authentication domain for MAC
authentication users
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can specify authentication domains for MAC authentication users:
ï‚· Specify a global authentication domain in system view. This domain setting applies to all ports.
ï‚· Specify an authentication domain for an individual port in interface view.
To Next Page
Loading...
Need help?
General