This section provides a sample of configuring a source MAC address segment allowed for MAC address authentication using the merge method.
Operation |
XPATH |
|---|---|
edit-config:merge |
/huawei-nac-mac:mac-access/configure-mode/unified-mode/mac-access-profile/permit-mac/permit-mac-authenticate |
Item |
Data |
Description |
|---|---|---|
name |
test |
Configure the MAC access profile named test. |
dhcp-option-format |
option82-circuit-id |
Set the user name for MAC address authentication to a specified DHCP option. |
separate |
# |
Set the delimiter in the user name of MAC address authentication to #. |
code-format |
format-hex |
Set the user name for MAC address authentication in hexadecimal format. |
password |
huawei@123 |
Set the password for MAC address authentication to huawei@123. |
get-dhcp-option |
option-82 |
Send DHCP option information to the authentication server. |
re-authenticate-dhcp-renew |
true |
Re-authenticate the users when the device receives DHCP lease renewal packets from MAC address authentication users. |
off-line-dhcp-release |
true |
Clear user entries when the device receives DHCP release packets from MAC address authentication users. |
mac |
c0bf-c023-fb11 |
Set the MAC address to c0bf-c023-fb11. |
prefix-length |
24 |
Set the mask length of the MAC address to 24. |
<rpc message-id="0" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<hw-nac-mac:mac-access xmlns:hw-nac-mac="urn:huawei:params:xml:ns:yang:huawei-nac-mac">
<hw-nac-mac:mac-access-profile>
<hw-nac-mac:name>test</hw-nac-mac:name>
<hw-nac-mac:dhcp-option-format>option82-circuit-id</hw-nac-mac:dhcp-option-format>
<hw-nac-mac:separate>#</hw-nac-mac:separate>
<hw-nac-mac:code-format>format-hex</hw-nac-mac:code-format>
<hw-nac-mac:password>huawei@123</hw-nac-mac:password>
<hw-nac-mac:get-dhcp-option>option-82</hw-nac-mac:get-dhcp-option>
<hw-nac-mac:mac-re-authenticate>
<hw-nac-mac:re-authenticate-dhcp-renew>true</hw-nac-mac:re-authenticate-dhcp-renew>
</hw-nac-mac:mac-re-authenticate>
<hw-nac-mac:off-line-dhcp-release>true</hw-nac-mac:off-line-dhcp-release>
<hw-nac-mac:permit-mac>
<hw-nac-mac:permit-mac-authenticate>
<hw-nac-mac:mac>c0bf-c023-fb11</hw-nac-mac:mac>
<hw-nac-mac:prefix-length>24</hw-nac-mac:prefix-length>
</hw-nac-mac:permit-mac-authenticate>
</hw-nac-mac:permit-mac>
</hw-nac-mac:mac-access-profile>
</hw-nac-mac:mac-access>
</config>
</edit-config>
</rpc>
Sample of successful response
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="0"> <ok/> </rpc-reply>
Sample of failed response
<?xml version='1.0' encoding='UTF-8'?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="8">
<rpc-error>
<error-type>application</error-type>
<error-tag>operation-failed</error-tag>
<error-severity>error</error-severity>
<error-path>/huawei-nac-mac:mac-access/mac-access-profile[name='laoyu']/permit-mac/permit-mac-authenticate[mac='c0bx-cy23-fb11']/mac</error-path>
<error-message>parse rpc config error.(Value "c0bx-cy23-fb11" does not satisfy the constraint "[0-9a-fA-F]{4}(-[0-9a-fA-F]{4}){2}" (range, length, or pattern).).</error-message>
</rpc-error>
</rpc-reply>