117
Configuring MAC authentication on a port
The following matrix shows the feature of configuring MAC authentication for a list of ports in system
view and hardware compatibility:
Hardware Feature compatibility
MSR900 No
MSR93X No
MSR20-1X No
MSR20 No
MSR30 Yes
MSR50 Yes
MSR1000 No
You cannot add a MAC authentication enabled port in to a link aggregation group, or enable MAC
authentication on a port already in a link aggregation group.
To configure MAC authentication on a port:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable MAC authentication in
system view or interface view.
• In system view:
mac-authentication
interface interface-list
• In interface view:
a. interface interface-type
interface-number
b. mac-authentication
Disabled by default.
Enable MAC authentication for
ports in bulk in system view or
an individual port in interface
view.
3. Set the maximum number of
concurrent MAC authentication
users allowed on a port.
mac-authentication max-user
user-number
Optional.
The default setting is 256.
4. Enable MAC authentication
multi-VLAN mode.
mac-authentication host-mode
multi-vlan
Optional.
By default, this function is
disabled on a port.
The MAC authentication
multi-VLAN mode enables a
MAC authentication-enabled
port to forward packets for an
authenticated user in multiple
VLANs without
re-authentication.
NOTE:
When both (and only both) 802.1X authentication and MAC authentication are enabled on a port,
the device waits for 30 seconds before performing MAC authentication for a non-802.1X user that
first accesses the network from the port.
To Next Page
Loading...
Need help?
General
