Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can specify authentication domains for MAC authentication users
in the following ways:
Specify a global authentication domain in system view. This domain setting applies to all ports
•
enabled with MAC authentication.
•
Specify an authentication domain for an individual port in interface view.
MAC authentication chooses an authentication domain for users on a port in this order: the port-specific
domain, the global domain, and the default domain. For more information about authentication
domains, see
To specify an authentication domain for MAC authentication users:
Step
1.
Enter system view.
2.
Specify an authentication
domain for MAC
authentication users.
Configuring the user account format
To configure the MAC authentication user account format:
Step
1.
Enter system view.
2.
Configure the MAC
authentication user
account format.
Configuring MAC authentication timers
MAC authentication uses the following timers:
"Configuring
AAA."
Command
system-view
•
(Approach 1) In system view:
mac-authentication domain
domain-name
•
(Approach 2) In interface view:
Command
system-view
•
•
a.
interface interface-type
interface-number
b.
mac-authentication domain
domain-name
Use one MAC-based user account
for each user:
mac-authentication
user-name-format mac-address
[ { with-hyphen | without-hyphen }
[ lowercase | uppercase ] ]
Use one shared user account for all
users:
mac-authentication
user-name-format fixed [ account
name ] [ password { cipher |
simple } password ]
76
Remarks
N/A
Use either approach.
By default, the system default
authentication domain is used for
MAC authentication users.
Remarks
N/A
Use either approach.
By default, the device uses the
MAC address of a user as the
username and password for
MAC authentication. The MAC
address is in lower case without
hyphens.