Global Configuration

The configuration of MAC address authentication takes effect on each interface only after global MAC address authentication is enabled.

Context

MAC address authentication can be configured on an interface before global MAC address authentication is configured, but does not take effect on the interface. After global MAC address authentication is enabled, MAC address authentication enabled on an interface takes effect immediately.
NOTE:

MAC address authentication and 802.1x authentication cannot be enabled on the same interface.

Procedure

  1. Choose Security > MAC Authen > Global Configuration in the navigation tree to open the Global Configuration page.

    Table 1 describes the parameters on the Global Configuration page.

    Table 1 Global Configuration

    Parameter

    Description

    Global MAC Authentication

    Indicates whether to enable global MAC address authentication. Authentication parameters can be set before global MAC address authentication is enabled, but take no effect. After global MAC address authentication is enabled, the authentication parameters of each interface take effect immediately.

    The options are Enable and Disable. By default, the value is Disable.

    Domain

    Indicates the domain for MAC address authentication.

    User Name Format
    Indicates the user name format. The options are as follows:
    • MAC
    • Fixed user name

    MAC
    Indicates the format of MAC addresses. The parameter is valid when MAC addresses of users are used as user names. The options are as follows:
    • with-hyphen
    • without-hyphen

    By default, the value is without-hyphen.

    User Name

    Indicates the user name. The value is valid when the fixed user name is used for MAC address authentication.

    Fixed user name: All users use the user names and passwords pre-configured on a switch; therefore, whether users can pass authentication depends on correctness of the user names and passwords and the maximum number of users allowed to use the user name.

    Password

    Indicates the password of the user. The value is valid when the fixed user name is used for MAC address authentication.

    Set the value of this parameter according to the user name format.

    Confirm Password

    Enter the password again to confirm the password.

    Offline Detect Timer

    Indicates the value of the offline-detect timer, that is, the interval for the switch to detect whether a user is offline. When detecting that a user goes offline, the switch immediately instructs the RADIUS server to stop charging the user.

    Quiet Timer

    Indicates the value of the quiet timer. If a user fails to pass MAC address authentication, the switch waits for a period set by the quiet timer. Then the switch processes authentication requests from the user. During the quiet period, the switch does not process authentication requests from the user.

    Server Timeout Timer

    Indicates the timeout interval for the response from the RADIUS server. During MAC address authentication, if the connection between the switch and the RADIUS server expires, the switch forbids the user to access the Internet through the connected interface. In this case, the user can connect to another interface of the switch for re-authentication.

    Re-authentication Interval

    Indicates the re-authentication interval. After a user passes MAC address authentication, the switch sends an re-authentication request to the authentication server after a period. The re-authentication interval is controlled by the re-authentication timer.

  2. Set the parameters.
  3. Click Apply to complete the configuration.
Parent topic: MAC Authen
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.