80
For more information about configuring local authentication and RADIUS authentication, see
"Configuring AAA."
Configuration prerequisites
Before you configure MAC authentication, complete the following tasks:
1. Configure an ISP domain and specify an AAA method. For more information, see "Configuring
AAA."
{ For local authentication, you must also create local user accounts (including usernames and
passwords), and specify the lan-access service for local users.
{ For RADIUS authentication, make sure the device and the RADIUS server can reach each other,
and create user accounts on the RADIUS server. If you are using MAC-based accounts, make
sure the username and password for each account are the same as the MAC address of each
MAC authentication user.
2. Make sure the port security feature is disabled. For more information about port security, see
"Configuring port security."
Configuration task list
Tasks at a glance
(Required.) Enabling MAC authentication
(Optional.) Specifying a MAC authentication domain
(Optional.) Configuring the user account format
(Optional.) Configuring MAC authentication timers
(Optional.) Setting the maximum number of concurrent MAC authentication users on a port
(Optional.) Configuring MAC authentication delay
Enabling MAC authentication
For MAC authentication to take effect on a port, you must enable it globally and on the port.
MAC authentication is exclusive with link aggregation group or service loopback group:
• You cannot enable MAC authentication on a port already in a link aggregation group or a service
loopback group.
• You cannot add a MAC authentication enabled port to a link aggregation group or a service
loopback group.
To enable MAC authentication:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable MAC authentication
globally.
mac-authentication
By default, MAC authentication is
disabled globally.
To Next Page
Loading...
Need help?
General
