105
1.
Configure an ISP domain and specify an AAA method. For more information, see "
."
{
For local authentication, you must also create local user accounts (including usernames and
passwords), and specify the
lan-access
service for local users.
{
For RADIUS authentication, make sure the device and the RADIUS server can reach each other,
and create user accounts on the RADIUS server. If you are using MAC-based accounts, make
sure the username and password for each account are the same as the MAC address of each
MAC authentication user.
2.
Make sure the port security feature is disabled. For more information about port security, see
"
."
Configuration task list
Tasks at a glance
Specifying a MAC authentication domain
Configuring the user account format
Setting MAC authentication timers
Setting the maximum number of concurrent MAC authentication users on a port
Enabling MAC authentication multi-VLAN mode on a port
Configuring MAC authentication delay
Configuring a MAC authentication guest VLAN
Configuring a MAC authentication critical VLAN
Configuring the keep-online feature
Enabling MAC authentication
For MAC authentication to take effect on a port, you must enable the feature globally and on the port.
MAC authentication is exclusive with link aggregation group.
•
You cannot enable MAC authentication on a port already in a link aggregation group.
•
You cannot add a MAC authentication-enabled port to a link aggregation group.
To enable MAC authentication:
Step
Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable MAC authentication
globally.
mac-authentication
By default, MAC authentication is
disabled globally.
3.
Enter Layer 2 Ethernet interface
view.
interface
interface-type
interface-number
N/A