Step
4.
Enable MAC authentication on
the port.
Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can use one of the following methods to specify authentication
domains for MAC authentication users:
Specify a global authentication domain in system view. This domain setting applies to all ports
•
enabled with MAC authentication.
•
Specify an authentication domain for an individual port in Layer 2 Ethernet interface view.
MAC authentication chooses an authentication domain for users on a port in this order: the port-specific
domain, the global domain, and the default domain. For more information about authentication
domains, see
To specify an authentication domain for MAC authentication users:
Step
1.
Enter system view.
2.
Specify an authentication
domain for MAC
authentication users.
Configuring the user account format
Step
1.
Enter system view.
2.
Configure the MAC
authentication user
account format.
"Configuring
AAA."
Command
system-view
•
In system view:
mac-authentication domain
domain-name
•
In Layer 2 Ethernet interface view:
Command
system-view
•
•
Command
mac-authentication
a.
interface interface-type
interface-number
b.
mac-authentication domain
domain-name
Use one MAC-based user account
for each user:
mac-authentication
user-name-format mac-address
[ { with-hyphen | without-hyphen }
[ lowercase | uppercase ] ]
Use one shared user account for all
users:
mac-authentication
user-name-format fixed [ account
name ] [ password { cipher |
simple } password ]
106
Remarks
By default, MAC authentication is
disabled on a port.
Remarks
N/A
By default, the system default
authentication domain is used for
MAC authentication users.
Remarks
N/A
By default, the device uses the
MAC address of a user as the
username and password for
MAC authentication. The MAC
address is in the hexadecimal
notation without hyphens, and
letters are in lower case.