The mac-authen trigger command configures the packet types that can trigger MAC address authentication.
The undo mac-authen trigger command restores the default configuration.
By default, DHCP/ARP/DHCPv6/ND packets can trigger MAC address authentication.
In the system view:
mac-authen { dhcp-trigger | arp-trigger | dhcpv6-trigger | nd-trigger } * [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]
undo mac-authen { dhcp-trigger | arp-trigger | dhcpv6-trigger | nd-trigger } * [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]
In the interface view:
mac-authen { dhcp-trigger | arp-trigger | dhcpv6-trigger | nd-trigger } *
undo mac-authen { dhcp-trigger | arp-trigger | dhcpv6-trigger | nd-trigger } *
Parameter | Description | Value |
---|---|---|
dhcp-trigger | Triggers MAC address authentication through DHCP packets. | - |
arp-trigger | Triggers MAC address authentication through ARP packets. | - |
dhcpv6-trigger | Triggers MAC address authentication through DHCPv6 packets. | - |
nd-trigger | Triggers MAC address authentication through ND packets. | - |
interface { interface-type interface-number1 [ to interface-number2 ] } | Specifies the interface type and number. If this parameter is not specified, the command takes effect on all interfaces. | - |
System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view
Usage Scenario
After MAC address authentication is enabled, the device by default triggers MAC address authentication for users when it receives DHCP, ARP, DHCPv6, or ND packets. Based on user information on the actual network, the administrator can adjust the packet types that can trigger MAC address authentication. For example, if all users on a network dynamically obtain IPv4 addresses, the device can be configured to trigger MAC address authentication only through DHCP packets. This prevents the device from continuously sending ARP packets to trigger MAC address authentication when static IPv4 addresses are configured for unauthorized users on the network, and reduces CPU usage on the device.
Precautions
If the command is configured globally, the configuration takes effect on multiple interfaces. If the command is configured globally and on an interface, the configuration on the interface takes precedence.
The mac-authen trigger command also enables MAC address authentication. When both the mac-authen trigger and mac-authen commands are configured on an interface, the last configured one takes effect. If the mac-authen configuration takes effect on the interface, DHCP, ARP, DHCPv6, and ND packets can trigger MAC address authentication.
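The usage scenario and the precedence rules above, as an added configuration example that is not part of the original reference page: DHCP-only triggering is set globally, and one interface additionally accepts ARP as a trigger. The device name HUAWEI, the interface GigabitEthernet0/0/1, and the reason for the exception are assumptions; lines starting with # are annotations, not commands.

```text
# Global setting: only DHCP packets trigger MAC address authentication.
<HUAWEI> system-view
[HUAWEI] mac-authen dhcp-trigger
# Exception for one port (assumed to serve statically addressed devices).
# The interface configuration takes precedence over the global one.
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-authen dhcp-trigger arp-trigger
# Entering plain "mac-authen" here afterwards would become the last
# configured command, and DHCP, ARP, DHCPv6, and ND packets would all
# trigger authentication on this interface again.
[HUAWEI-GigabitEthernet0/0/1] quit
```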