105
1. Configure an ISP domain and specify an AAA method. For more information, see "Configuring
AAA."
{ For local authentication, you must also create local user accounts (including usernames and
passwords), and specify the lan-access service for local users.
{ For RADIUS authentication, make sure the device and the RADIUS server can reach each other,
and create user accounts on the RADIUS server. If you are using MAC-based accounts, make
sure the username and password for each account are the same as the MAC address of each
MAC authentication user.
2. Make sure the port security feature is disabled. For more information about port secu
rity, see
"Confi
guring port security
."
Configuration task list
Tasks at a glance
(Required.) Enabling MAC authentication
(Optional.) Specifying a MAC authentication domain
(Optional.) Configuring the user account format
(Optional.) Setting MAC authentication timers
(Optional.) Setting the maximum number of concurrent MAC authentication users on a port
(Optional.) Enabling MAC authentication multi-VLAN mode on a port
(Optional.) Configuring MAC authentication delay
(Optional.) Configuring a MAC authentication guest VLAN
(Optional.) Configuring a MAC authentication critical VLAN
(Optional.) Configuring the keep-online feature
Enabling MAC authentication
For MAC authentication to take effect on a port, you must enable the feature globally and on the port.
MAC authentication is exclusive with link aggregation group.
• You cannot enable MAC authentication on a port already in a link aggregation group.
• You cannot add a MAC authentication-enabled port to a link aggregation group.
To enable MAC authentication:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable MAC authentication
globally.
mac-authentication
By default, MAC authentication is
disabled globally.
3. Enter Layer 2 Ethernet interface
view.
interface interface-type
interface-number
N/A
To Next Page
Loading...
Need help?
General