The mac-authen username command configures the user name for MAC address authentication.
The undo mac-authen username command restores the default setting.
By default, the MAC address without hyphens (-) or colons (:) is used as the user name and password for MAC address authentication.
mac-authen username { fixed username [ password cipher password ] | macaddress [ format { with-hyphen [ normal ] [ colon ] | without-hyphen } [ uppercase ] [ password cipher password ] ] | dhcp-option option-code { circuit-id | remote-id } * [ separate separate ] [ format-hex ] password cipher password }
undo mac-authen username [ fixed username [ password cipher password ] | macaddress [ format { with-hyphen [ normal ] [ colon ] | without-hyphen } [ uppercase ] [ password cipher password ] ] | dhcp-option option-code [ circuit-id | remote-id ] * [ password cipher password ] ]
Parameter |
Description |
Value |
|---|---|---|
fixed username |
Specifies a fixed user name for MAC address authentication. |
The value is a string of 1 to 64 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
password cipher password |
Specifies the password in cipher text for MAC address authentication.
|
The value is a string of case-sensitive characters without spaces. The password is either a plain-text string of 1 to 128 characters or a cipher-text string of 48 to 188 characters. When double quotation marks are used around the string, spaces are allowed in the string. NOTE:
For security purposes, change the default password in real time. The new password must be a combination of at least two of the following: digits, lowercase letters, uppercase letters, and special characters. In addition, the password must consist of six or more than six characters. |
macaddress |
Specifies the MAC address as the user name for MAC address authentication. |
- |
format { with-hyphen [ normal ] [ colon ] | without-hyphen } |
Specifies the MAC address format.
|
- |
uppercase |
Indicates that the name of a MAC address authentication user is in uppercase. |
- |
dhcp-option option-code |
Specifies the name of the MAC address authentication user to a specified DHCP option.
If both circuit-id and remote-id are configured, the user name for MAC address authentication can be set to a character string that is a combination of the circuit-id and remote-id in the DHCP Option82 field. |
The value is an integer. In the current version, the value is fixed as 82. |
separate separate |
Specifies the delimiter in the user name for MAC address authentication. This parameter is configured when the user name for MAC address authentication is set to a character string that is a combination of the circuit-id and remote-id in the DHCP Option82 field. |
The value is a character and can be set to a letter, digit, or another valid character. |
format-hex |
Indicates that the user name for MAC address authentication is in hexadecimal format. |
- |
Usage Scenario
Precautions
When configuring the user name format for MAC address authentication, ensure that the authentication server supports the user name format.
If MAC address authentication is enabled on a VLANIF interface, on an Eth-Trunk, in a port group, or in a VAP profile, and MAC address authentication users use fixed user names, passwords must be configured. If MAC address authentication is enabled in a port group and MAC addresses are used as user names, passwords cannot be configured. If MAC address authentication is enabled on a VLANIF interface or in a VAP profile, user names for MAC address authentication cannot be set to specified DHCP option information.
# In the MAC access profile mac_access_profile, configure the device to use the MAC address containing hyphens (-) as the user name.
<HUAWEI> system-view [HUAWEI] mac-access-profile name mac_access_profile [HUAWEI-mac-access-profile-mac_access_profile] mac-authen username macaddress format with-hyphen