Specifying a MAC authentication domain
By default, MAC authentication users are in the system default authentication domain. To implement
different access policies for users, you can use one of the following methods to specify
authentication domains for MAC authentication users:
•
Specify a global authentication domain in system view. This domain setting applies to all ports
enabled with MAC authentication.
•
Specify an authentication domain for an individual port in Layer 2 Ethernet interface view.
MAC authentication chooses an authentication domain for users on a port in this order: the
port-specific domain, the global domain, and the default domain. For more information about
authentication domains, see
To specify an authentication domain for MAC authentication users:
Step
1.
Enter system view.
2.
Specify an authentication
domain
authentication users.
Configuring the user account format
Step
1.
Enter system view.
2.
Configure
authentication
account format.
Configuring MAC authentication timers
MAC authentication uses the following timers:
•
Offline detect timer—Sets the interval that the device waits for traffic from a user before the
device regards the user idle. If a user connection has been idle within the interval, the device
"Configuring
Command
system-view
•
In
mac-authentication
domain-name
•
In Layer 2 Ethernet interface
view:
for
MAC
a. interface
interface-number
b. mac-authentication
domain domain-name
Command
system-view
•
Use
account
mac-authentication
user-name-format mac-address
[
without-hyphen } [ lowercase |
the
MAC
uppercase ] ]
user
•
Use one shared user account for
all
mac-authentication
user-name-format
[ account name ] [ password
{ cipher | simple } password ]
AAA."
system
view:
domain
interface-type
one
MAC-based
user
for
each
user:
{
with-hyphen
users:
fixed
108
Remarks
N/A
By default, the system default
authentication domain is used for
MAC authentication users.
Remarks
N/A
By default, the device uses the
|
MAC address of a user as the
username and password for
MAC authentication. The MAC
address is in the hexadecimal
notation without hyphens, and
letters are in lower case.