116
Configuration task list
Task Remarks
Basic configuration for MAC authentication
:
• Configuring MAC authentication globally
• Configuring MAC authentication on a port
Req
uired.
Specifying a MAC authentication domain
Optional.
Configuring MAC authentication delay
Optional.
Basic configuration for MAC authentication
Before you perform basic configuration for MAC authentication, complete the following tasks:
• Create and configure an authentication domain, also called "an ISP domain."
• For local authentication, create local user accounts, and specify the lan-access service for the
accounts.
• For RADIUS authentication, check that the device and the RADIUS server can reach each other,
and create user accounts on the RADIUS server.
If you are using MAC-based accounts, make sure the username and password for each account is
the same as the MAC address of the MAC authentication users.
Configuring MAC authentication globally
MAC authentication can take effect on a port only when it is enabled globally and on the port.
To configure MAC authentication globally:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable MAC
authentication
globally.
mac-authentication
Disabled by default.
3. Configure MAC
authentication
timers.
mac-authentication
timer
{
offline-detect
offline-detect-value |
quiet
quiet-value |
server-timeout
server-timeout-value }
Optional.
By default, the offline detect timer is 300
seconds, the quiet timer is 60 seconds,
and the server timeout timer is 100
seconds.
4. Configure the
properties of MAC
authentication
user accounts.
mac-authentication
user-name-format
{
fixed
[
account
name ] [
password
{
cipher
|
simple
} password ]
|
mac-address
[ {
with-hyphen
|
without-hyphen
} [
lowercase
|
uppercase
] ] }
Optional.
By default, the username and password for
a MAC authentication user account must
be a MAC address in lower case without
hyphens.
NOTE:
When global MAC authentication is enabled, the EAD fast deployment function cannot take effect.
To Next Page
Loading...
Need help?
General
