H3C MSR Series Command Reference Manual page 226
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
undo mac-authentication user-name-format
Default
Each user's MAC address is used as the username and password for MAC authentication. A MAC
address is in the hexadecimal notation without hyphens, and letters are in lower case.
Views
System view
Predefined user roles
network-admin
Parameters
fixed: Uses a shared account for all MAC authentication users.
account name: Specifies the username for the shared account. The name is a case-sensitive string
of 1 to 55 characters, excluding the at sign (@). If you do not specify a username, the default name
mac applies.
password: Specifies the password for the shared user account.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in
plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its
encrypted form is a case-sensitive string of 1 to 117 characters.
mac-address: Uses MAC-based user accounts for MAC authentication users. You can also specify
the format of username and password by using the following keywords:
•
with-hyphen: Includes hyphens in the MAC address, for example xx-xx-xx-xx-xx-xx.
•
without-hyphen: Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.
•
lowercase: Enters letters in lower case.
•
uppercase: Enters letters in upper case.
Usage guidelines
If you specify the MAC-based user account, the device uses the MAC address of a user as the
username and password for MAC authentication of the user. This user account type ensures high
authentication security. However, you must create on the authentication server a user account for
each user, using the MAC address of the user as both the username and password.
If you specify a shared user account, the device uses the specified username and password for MAC
authentication of all users. Because all MAC authentication users use a single account for
authentication, you only need to create one account on the authentication server. This user account
type is suitable for trusted networks.
Examples
# Configure a shared account for MAC authentication users, set the username to abc and password
to plaintext string of xyz.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password simple xyz
# Use MAC-based user accounts for MAC authentication users. Each MAC address must be in the
hexadecimal notation with hyphens, and letters are in upper case.
<Sysname> system-view
[Sysname] mac-authentication user-name-format mac-address with-hyphen uppercase
Related commands
display mac-authentication
203
Advertisement
Table of Contents
