mac-authen username
Function
The mac-authen username command configures the user name format for MAC address authentication.
The undo mac-authen username restores the default user name format.
By default, the MAC address without hyphens (-) or colons (:) is used as the user name and password for MAC address authentication.
Only S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H,?S5731S-H, S5731-S, S5731S-S, S6720-HI, S6720-LI, S6720S-LI, S6720S-SI, S6720-SI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI support configuration of MAC address authentication on VLANIF interfaces.
Format
mac-authen username { fixed username [ password cipher password ] | macaddress [ format { with-hyphen [ normal ] [ colon ] | without-hyphen } [ uppercase ] [ password cipher password ] ] | dhcp-option option-code { circuit-id | remote-id } * [ separate separate ] [ format-hex ] password cipher password }
undo mac-authen username [ fixed username [ password cipher password ] | macaddress [ format { with-hyphen [ normal ] [ colon ] | without-hyphen } [ uppercase ] [ password cipher password ] ] | dhcp-option option-code [ password cipher password ] ]
Parameters
Parameter |
Description |
Value |
|---|---|---|
fixed username |
Specifies the fixed user name for MAC address authentication. |
The value is a string of 1 to 64 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
password cipher password |
Specifies the password displayed in cipher text for MAC address authentication.
NOTE:
If fixed user names are configured in the VLANIF interface view, Eth-Trunk interface view or port group view, the password must be set. If a MAC address is configured as the user name in the port group view, the password cannot be set. |
The value is a case-sensitive string without question marks (?) or spaces. The password contains 1 to 128 characters in plain text or 48 to 188 characters in cipher text. When double quotation marks are used around the string, spaces are allowed in the string. NOTE:
For security purposes, it is recommended that the password contains at least two types of lower-case letters, upper-case letters, numerals, and special characters, and contains at least 6 characters. |
macaddress |
Specifies that the user name in MAC address authentication is the MAC address. |
- |
format { with-hyphen [ normal ] [ colon ] | without-hyphen } |
Specifies the MAC address format.
|
- |
uppercase |
Indicates that the name of a MAC address authentication user is in uppercase. |
- |
dhcp-option option-code |
Specifies the name of the MAC address authentication user to a specified DHCP option.
If both circuit-id and remote-id are configured, the user name for MAC address authentication can be set to a character string that is a combination of the circuit-id and remote-id in the DHCP Option82 field. NOTE:
In VLANIF interface view, the parameter does not support. |
The value is an integer. In the current version, the value is fixed as 82. |
separate separate |
Specifies the delimiter in the user name for MAC address authentication. This parameter is configured when the user name for MAC address authentication is set to a character string that is a combination of the circuit-id and remote-id in the DHCP Option82 field. |
The value is a character and can be set to a letter, digit, or another valid character. |
format-hex |
Indicates that the user name for MAC address authentication is in hexadecimal format. |
- |
Views
System view, VLANIF interface view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view
Usage Guidelines
- When the MAC address is used as the user name for MAC address authentication, the password can be the MAC address or a self-defined character string.
- When the fixed user name is used for MAC address authentication, the user uses the fixed user name and password set by the administrator for authentication.
- When the DHCP option format is used for MAC address authentication, the device uses the DHCP option it obtains and password set by the administrator for authentication. In this mode, ensure that the device supports MAC address authentication triggered through DHCP packets.
When the user names for MAC address authentication are in the DHCP option format, the DHCP Option82 cannot be configured in the extend format or a customized format (non-character string) by using the dhcp option82 format command.
When the user name format in MAC address authentication is configured, ensure that the authentication server supports this format.