Task
Basic configuration for MAC
•
Configuring MAC authentication globally
•
Configuring MAC authentication on a port
Specifying a MAC authentication domain
Basic configuration for MAC authentication
Before you perform basic configuration for MAC authentication, complete the following tasks:
Create and configure an authentication domain, also called "an ISP domain."
•
For local authentication, create local user accounts, and specify the lan-access service for the
•
accounts.
•
For RADIUS authentication, check that the device and the RADIUS server can reach each other, and
create user accounts on the RADIUS server.
If you are using MAC-based accounts, make sure the username and password for each account is the
same as the MAC address of the MAC authentication users.
Configuring MAC authentication globally
MAC authentication can take effect on a port only when it is enabled globally and on the port.
To configure MAC authentication globally:
Step
1.
Enter system view.
2.
Enable MAC
authentication
globally.
3.
Configure MAC
authentication
timers.
4.
Configure the
properties of MAC
authentication user
accounts.
NOTE:
When global MAC authentication is enabled, the EAD fast deployment function cannot take effect. For
more information, see "Configuring 802.1X."
authentication:
Command
system-view
mac-authentication
mac-authentication timer
{ offline-detect offline-detect-value |
quiet quiet-value | server-timeout
server-timeout-value }
mac-authentication
user-name-format { fixed [ account
name ] [ password { cipher |
simple } password ] | mac-address
[ { with-hyphen | without-hyphen }
[ lowercase | uppercase ] ] }
115
Remarks
Required.
Optional.
Remarks
N/A
Disabled by default.
Optional.
By default, the offline detect timer is 300
seconds, the quiet timer is 60 seconds, and
the server timeout timer is 100 seconds.
Optional.
By default, the username and password for
a MAC authentication user account must be
a MAC address (without hyphens) in lower
case.