No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC Authen

MAC Authen

You can configure MAC address authentication globally or on an interface.

You can configure the following authentication methods for MAC address authentication on the switch:
  • Remote Authentication Dial-In User Service (RADIUS) authentication
  • Local authentication
NOTE:

This node is only available in the NAC common mode.

Global Configuration

The configuration of MAC address authentication takes effect on each interface only after global MAC address authentication is enabled.

Context

MAC address authentication can be configured on an interface before global MAC address authentication is configured, but does not take effect on the interface. After global MAC address authentication is enabled, MAC address authentication enabled on an interface takes effect immediately.

Procedure

  1. Choose Security > MAC Authen > Global Configuration in the navigation tree to open the Global Configuration page, as shown in Figure 2-213.

    Figure 2-213  Global Configuration

    Table 2-125 describes the parameters on the Global Configuration page.

    Table 2-125  Global Configuration

    Parameter

    Description

    Global MAC authentication

    Indicates whether to enable global MAC address authentication. Authentication parameters can be set before global MAC address authentication is enabled, but take no effect. After global MAC address authentication is enabled, the authentication parameters of each interface take effect immediately.

    The options are Enabled and Disabled. By default, the value is Disabled.

    Domain

    Indicates the domain for MAC address authentication.

    User name format

    Indicates the user name format. The options are as follows:
    • MAC
    • Fixed user name

    By default, the MAC address format is used.

    MAC

    Indicates the format of MAC addresses. The parameter is valid when MAC addresses of users are used as user names. The options are as follows:
    • with-hyphen
    • without-hyphen

    By default, the value is without-hyphen.

    User name

    Indicates the user name. The value is valid when the fixed user name is used for MAC address authentication.

    Fixed user name: All users use the user names and passwords pre-configured on a switch; therefore, whether users can pass authentication depends on correctness of the user names and passwords and the maximum number of users allowed to use the user name.

    Password

    Indicates the password of the user. The value is valid when the fixed user name is used for MAC address authentication.

    Set the value of this parameter according to the user name format.

    Confirm password

    Enter the password again to confirm the password.

    Offline detect timer

    Indicates the value of the offline-detect timer, that is, the interval for the switch to detect whether a user is offline. When detecting that a user goes offline, the switch immediately instructs the RADIUS server to stop charging the user.

    Quiet timer

    Indicates the value of the quiet timer. If a user fails to pass MAC address authentication, the switch waits for a period set by the quiet timer. Then the switch processes authentication requests from the user. During the quiet period, the switch does not process authentication requests from the user.

  2. Set the parameters.
  3. Click Apply to complete the configuration.

MAC Authentication on Interface

You can query, set, and delete MAC address authentication parameters on an interface.

Context

MAC address authentication can be configured on an interface before global MAC address authentication is configured, but does not take effect on the interface. After global MAC address authentication is enabled, MAC address authentication configured on an interface takes effect immediately.

Procedure

  • Query the configuration of MAC address authentication on an interface.
    1. Choose Security > MAC Authen > MAC Authentication on Interface in the navigation tree to open the MAC Authentication on Interface page.
    2. Set the search criteria.
    3. Click Query to display all matching records.
  • Configure Interface
    1. Choose Security > MAC Authen > MAC Authentication on Interface in the navigation tree to open the MAC Authentication on Interface page.
    2. Select a record and click Configure. The Configure Interface page is displayed, as shown in Figure 2-214.

      Figure 2-214  Configure Interface

      Table 2-126 describes the parameters on the Configure Interface page.

      Table 2-126  Configure Interface

      Parameter

      Description

      Interface name

      Indicates the name of an interface. The interface name cannot be modified. You can select multiple interfaces each time.

      NOTE:

      If only one interface is selected, the configuration of the interface is displayed on the Configure Interface page. If multiple interfaces are selected, the default settings of the interfaces are displayed.

      MAC authentication

      Indicates whether to enable MAC address authentication. The options are Enabled and Disabled. By default, the value is Disabled.

      Max Number of Access Users

      Indicates the maximum number of access users on the specified interface enabled with MAC address authentication. If no interface is specified, all interfaces can connect to access users of the same number.

    3. Set parameters.
    4. Click OK.
  • Clear the configuration of MAC address authentication parameters on an interface.
    1. Choose Security > MAC Authen > MAC Authentication on Interface in the navigation tree to open the MAC Authentication on Interface page.
    2. Select a record that you want to clear and click Clear Configuration.

      NOTE:
      • To select a record, click the check box of the record.
      • To delete records in batches, click the check boxes of the records.

    3. Click OK.
Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000114003

Views: 46678

Downloads: 1041

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next