98
Task Remarks
Specifying an authentication domain for MAC authentication users Optional
Configuring a MAC authentication guest VLAN Optional
Configuring a MAC authentication critical VLAN Optional
Basic configuration for MAC authentication
Configuration prerequisites
• Create and configure an authentication domain, also called "an ISP domain."
• For local authentication, create local user accounts, and specify the lan-access service for the
accounts.
• For RADIUS authentication, check that the device and the RADIUS server can reach each other, and
create user accounts on the RADIUS server.
NOTE:
If you are using MAC-based accounts, ensure that the username and password for each account is the
same as the MAC address of the MAC authentication users.
Configuration procedure
MAC authentication can take effect on a port only when it is configured globally and on the port.
Configuring MAC authentication globally
Follow these steps to configure MAC authentication globally:
To do… Use the command… Remarks
Enter system view system-view —
Enable MAC authentication
globally
mac-authentication
Required
Disabled by default
Configure MAC
authentication timers
mac-authentication timer
{ offline-detect offline-detect-value |
quiet quiet-value | server-timeout
server-timeout-value }
Optional
By default, the offline detect timer is
300 seconds, the quiet timer is 60
seconds, and the server timeout
timer is 100 seconds.
Configure the properties of
MAC authentication user
accounts
mac-authentication user-name-format
{ fixed [ account name ] [ password
{ cipher | simple } password ] |
mac-address [ { with-hyphen |
without-hyphen } [ lowercase |
uppercase ] ] }
Optional
By default, the username and
password for a MAC
authentication user account must
be a MAC address in lower case,
and the MAC address is hyphen
separated.
To Next Page
Loading...
