Configuring MAC authentication on a port
You cannot add a MAC authentication-enabled port to a link aggregation group, or enable MAC
authentication on a port already in a link aggregation group.
To configure MAC authentication on a port:
Step
1.
Enter system view.
2.
Enable MAC authentication in
system view or interface view.
3.
Set the maximum number of
concurrent MAC authentication
users allowed on a port.
NOTE:
When both (and only both) 802.1X authentication and MAC authentication are enabled on a port, the
device waits for 30 seconds before performing MAC authentication for a non-802.1X user that first
accesses the network from the port.
Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can specify authentication domains for MAC authentication users
in the following ways:
Specify a global authentication domain in system view. This domain setting applies to all ports.
•
Specify an authentication domain for an individual port in interface view.
•
MAC authentication chooses an authentication domain for users on a port in the following order: the
port-specific domain, the global domain, and the default domain. For more information about
authentication domains, see "Configuring AAA."
To specify an authentication domain for MAC authentication users:
Step
1.
Enter system view.
Command
system-view
•
In system view:
mac-authentication interface
interface-list
•
In interface view:
a.
interface interface-type
interface-number
b.
mac-authentication
mac-authentication max-user
user-number
Command
system-view
116
Remarks
N/A
Disabled by default.
Enable MAC authentication for
ports in bulk in system view or an
individual port in interface view.
Optional.
By default, the maximum number
is 1024.
Remarks
N/A