beautypg.com

Configuring mac authentication on a port – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 149

background image

135

Step Command

Remarks

3.

Configure MAC
authentication timers.

mac-authentication timer
{ offline-detect offline-detect-value |
quiet quiet-value | server-timeout

server-timeout-value }

Optional.
By default, the offline detect timer is

300 seconds, the quiet timer is 60
seconds, and the server timeout

timer is 100 seconds.

4.

Configure the properties
of MAC authentication

user accounts.

mac-authentication user-name-format
{ fixed [ account name ] [ password

{ cipher | simple } password ] |
mac-address [ { with-hyphen |

without-hyphen } [ lowercase |

uppercase ] ] }

Optional.
By default, the username and
password for a MAC

authentication user account must

be a MAC address in lower case
without hyphens.

Configuring MAC authentication on a port

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable MAC authentication.

In system view:

mac-authentication interface

interface-list

In interface view:

a.

interface interface-type

interface-number

b.

mac-authentication

Disabled by default.
Enable MAC authentication for
ports in bulk in system view or

an individual port in interface

view.

3.

Set the maximum number of
concurrent MAC authentication

users allowed on a port.

mac-authentication max-user
user-number

Optional.
The default maximum number

of concurrent MAC
authentication users is 1024.

NOTE:

You cannot enable MAC authentication on a link aggregation member port or a service loopback port. If
MAC authentication is enabled on a port, you cannot assign it to a link aggregation or service loopback

group.

Specifying an authentication domain for MAC

authentication users

By default, MAC authentication users are in the system default authentication domain. To implement

different access policies for users, you can specify authentication domains for MAC authentication users

in the following ways:

Specify a global authentication domain in system view. This domain setting applies to all ports.

Specify an authentication domain for an individual port in interface view.

MAC authentication chooses an authentication domain for users on a port in this order: the port-specific
domain, the global domain, and the default domain. For more information about authentication

domains, see "Configuring AAA."