< Home

authentication mac-authen-first force

Function

The authentication mac-authen-first force command configures forcible MAC address authentication before 802.1X authentication.

The undo authentication mac-authen-first force command restores the default setting.

By default, the forcible MAC address authentication is not configured before 802.1X authentication.

Format

authentication mac-authen-first force

undo authentication mac-authen-first force

Parameters

None

Views

Authentication profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If high security is required, users who access the network must use registered terminals for 802.1X authentication. To prevent users from using unregistered terminals to perform 802.1X authentication and occupying device and server resources, you can configure this function to force the users to perform MAC address authentication first. 802.1X authentication can be performed only after MAC address authentication succeeds. For an unregistered terminal, users go offline directly after MAC address authentication fails, and 802.1X authentication is not performed.

Precautions

This function is only supported in the wireless scenario.

Example

# Configure forcible MAC address authentication before 802.1X authentication.

<HUAWEI> system-view
[HUAWEI] authentication-profile name authen1
[HUAWEI-authen-profile-authen1] authentication mac-authen-first force
Parent Topic: NAC Configuration Commands (Unified Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >