Typical User Access and Authentication Configuration
Command |
Function |
|---|---|
mac-limit |
Sets the maximum number of MAC addresses that can be learned by an interface. |
mac-address learning disable |
Disables MAC address learning on an interface. |
port link-type dot1q-tunnel |
Sets the link type of an interface to QinQ. |
port vlan-mapping vlan map-vlan port vlan-mapping vlan inner-vlan |
Configures VLAN mapping on an interface. |
port vlan-stacking |
Configures selective QinQ. |
port-security enable NOTE:
The restriction applies only to devices of versions earlier than V200R012C00. For devices running V200R012C00 or a later version, you can run this command on an interface even if NAC authentication is enabled on the interface, or enable NAC authentication on an interface even if this command is run. |
Enables interface security. |
mac-vlan enable |
Enables MAC address-based VLAN assignment on an interface. |
ip-subnet-vlan enable |
Enables IP subnet-based VLAN assignment on an interface. |
user-bind ip sticky-mac |
Enables the device to generate snooping MAC entries. |
- Typical AAA Configuration
- Typical NAC Configuration (Unified Mode) (the Agile Controller-Campus as the Authentication Server) (V200R009C00 and Later Versions)
- Typical NAC Configuration (Unified Mode) (V200R009C00 and Later Versions)
- Typical NAC Configuration (Unified Mode) (the Agile Controller-Campus as the Authentication Server) (V200R005C00 to V200R008C00)
- Typical NAC Configuration (Unified Mode) (V200R005C00 to V200R008C00)
- Typical NAC Configuration (Unified Mode) (iMaster NCE-Campus Functioning as the Authentication Server)
- Typical NAC Configuration (Common Mode)