For local authentication, create local user accounts, and specify the lan-access service for the
•
accounts.
For RADIUS authentication, verify that the device and the RADIUS server can reach each other, and
•
create user accounts on the RADIUS server.
If you are using MAC-based accounts, make sure the username and password for each account is the
same as the MAC address of the MAC authentication users.
Configuring MAC authentication globally
MAC authentication can take effect on a port only when it is enabled globally and on the port.
To configure MAC authentication globally:
Step
1.
Enter system view.
2.
Enable MAC
authentication
globally.
3.
Configure MAC
authentication
timers.
4.
Configure the
properties of MAC
authentication user
accounts.
NOTE:
When global MAC authentication is enabled, the EAD fast deployment function cannot take effect.
Configuring MAC authentication on a port
You cannot add a MAC authentication enabled port in to a link aggregation group, or enable MAC
authentication on a port already in a link aggregation group.
To configure MAC authentication on a port:
Step
1.
Enter system view.
2.
Enable MAC authentication.
Command
system-view
mac-authentication
mac-authentication timer
{ offline-detect offline-detect-value |
quiet quiet-value | server-timeout
server-timeout-value }
mac-authentication
user-name-format { fixed [ account
name ] [ password { cipher |
simple } password ] | mac-address
[ { with-hyphen | without-hyphen }
[ lowercase | uppercase ] ] }
Command
system-view
•
(Approach 1) In system view:
mac-authentication interface
interface-list
•
(Approach 2) In interface view:
a.
interface interface-type
interface-number
b.
mac-authentication
114
Remarks
N/A
Disabled by default.
Optional.
By default, the offline detect timer is 300
seconds, the quiet timer is 60 seconds, and
the server timeout timer is 100 seconds.
Optional.
By default, the switch uses the source MAC
address of a user as the username and
password for MAC authentication, and the
MAC address is unhyphenated and in lower
case.
Remarks
N/A
Use either approach.
Disabled by default.
Enable MAC authentication for
ports in bulk in system view or an
individual port in interface view.