138
Parameters
fixed
: Uses a shared account for all MAC authentication users.
account
name
: Specifies the username for the shared account. The name
takes a case-insensitive
string of 1 to 55 characters. If no username is specified, the default name
mac
applies.
password
: Specifies the password for the shared user account:
cipher
: Sets a ciphertext password.
simple
: Sets a plaintext password.
password
: Specifies the password. This argument is case sensitive. If
simple
is specified, it must be
a string of 1 to 63 characters. If
cipher
is specified, it must be a ciphertext string of 1 to 117
characters.
mac-address
: Uses MAC-based user accounts for MAC authentication users. If this option is
specified, you must create one user account for each user, and use the MAC address of the user as
both the username and password for the account. You can also specify the format of username and
password:
•
with-hyphen
—Hyphenates the MAC address, for example xx-xx-xx-xx-xx-xx.
•
without-hyphen
—Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.
•
lowercase
—Enters letters in lower case.
•
uppercase
—Capitalizes letters.
Usage guidelines
MAC authentication supports the following types of user account:
•
One MAC-based user account for each user. A user can pass MAC authentication only when its
MAC address matches a MAC-based user account. This method is suitable for an insecure
environment.
•
One shared user account for all users. Any user can pass MAC authentication on any MAC
authentication enabled port. You can use this method in a secure environment to limit network
resources accessible to MAC authentication users, for example, by assigning an authorized
ACL or VLAN for the shared account.
For security purposes, all passwords, including passwords configured in plain text, are saved in
cipher text to the configuration file.
Examples
# Configure a shared account for MAC authentication users, and set the username as
abc
and
password as a plaintext string of
xyz
.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password simple xyz
# Configure a shared account for MAC authentication users, and set the username as
abc
and
password as a ciphertext string of
$c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg
.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password cipher
$c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg
# Use MAC-based user accounts for MAC authentication users, and each MAC address must be
hyphenated, and in upper case.
<Sysname> system-view
[Sysname] mac-authentication user-name-format mac-address with-hyphen uppercase
Related commands
display mac-authentication