EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #131 background imageLoading...
Page #131 background image
118
Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can specify authentication domains for MAC authentication
users in the following ways:
• Specify a global authentication domain in system view. This domain setting applies to all ports.
• Specify an authentication domain for an individual port in interface view.
MAC authentication chooses an authentication domain for users on a port in the following order: the
port-specific domain, the global domain, and the default domain. For more information about
authentication domains, see "Configuring AAA."
To specify an authentication domain for MAC authentication users:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Specify an authentication
domain for MAC
authentication users in
system view or interface
view.
• In system view:
mac-authentication domain
domain-name
• In interface view:
a. interface interface-type
interface-number
b. mac-authentication
domain domain-name
By default, the system default
authentication domain is used for
MAC authentication users.
Configuring MAC authentication delay
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay
MAC authentication so that 802.1X authentication is preferentially triggered. If no 802.1X
authentication is triggered or 802.1X authentication fails within the delay period, the port continues to
process MAC authentication.
Do not set the port security mode to mac-else-userlogin-secure or
mac-else-userlogin-secure-ext when you use MAC authentication delay. The delay does not take
effect on a port in either of the two modes. For more information about port security modes, see
"Configuring port security."
To configure MAC authentication delay:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Enable MAC authentication
delay and set the delay
timer.
mac-authentication timer
auth-delay
time
By default, MAC authentication
delay is disabled.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals