406 CHAPTER 21: 802.1X CONFIGURATION
Centralized MAC
Address Authentication
Configuration
Centralized MAC address authentication configuration includes:
■Enabling MAC address authentication both globally and on the port
■Configuring domain name used by the MAC address authentication user
■Configuring centralized MAC address authentication timers
CAUTION: Note the following two items in local authentication:
■The MAC address which is used as local user name and password must be in the
"HHH" format and exclude hyphens.
■The service type of local user must be set to lan-access.
Enabling MAC Address
Authentication Both
Globally and On the Port
You can use the following commands to enable/disable the centralized MAC address
authentication on the specified port; if you do not specify the port, the feature is
enabled globally.
Perform the following configuration in System View or Ethernet Port View.
Table430 Enabling/Disabling Centralized MAC Address Authentication
You can configure the centralized MAC address authentication status on the ports
first. However, the configuration does not function on each port until the feature has
been enabled globally.
Centralized MAC address authentication and 802.1x cannot be used on the same
port together.
By default, the centralized MAC address authentication feature is disabled both on
each port and globally.
Configuring Centralized
MAC Address
Authentication Mode
Table431 lists the operations to configure centralized MAC address authentication
mode.
Operation Command
Enable centralized MAC address
authentication
mac-authentication [ interface interface_list
]
Disable centralized MAC address
authentication
undo mac-authentication [ interface
interface_list ]
Table431 Configure centralized MAC address authentication mode
Operation Command Description
Enter system view system-view
Configure centralized
MAC address
authentication mode
mac-authentication
authmode {
usernameasmacaddress |
usernamefixed }
Optional
By default, the authentication mode is
MAC address mode.