dot1x binding-mac enable
Syntax
dot1x binding-mac enable
undo dot1x binding-mac enable
View
Layer 2 Ethernet interface view
Default level
2: System level
Description
Use dot1x binding-mac enable to enable the 802.1X MAC address binding feature.
Use undo dot1x binding-mac enable to disable the 802.1X MAC address binding feature.
By default, the 802.1X MAC address binding feature is disabled.
The 802.1X MAC address binding feature takes effect on a port only when the port performs MAC-based access control.
The 802.1X MAC address binding feature automatically binds MAC addresses of authenticated 802.1X users to the users' access port and generates 802.1X MAC address binding entries.
802.1X MAC address binding entries, both automatically generated and manually configured, never age out. They can survive a user logoff or a device reboot. To delete an entry, you must use the undo dot1x binding-mac mac-address command. An 802.1X MAC address binding entry cannot be deleted when the user in the entry is online.
After the number of 802.1X MAC address binding entries reaches the upper limit of concurrent 802.1X users (set by using the dot1x max-user command), the following restrictions exist:
Users not in the binding entries will fail authentication even after users in the binding entries go offline.
New 802.1X MAC address binding entries are not allowed.
Related commands: dot1x, dot1x port-method, and dot1x binding-mac mac-address.
Examples
# Enable 802.1X MAC address binding on Ethernet 1/0/1.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] dot1x binding-mac enable