Configuring 802.1X MAC address binding
This feature can automatically bind MAC addresses of authenticated 802.1X users to the users' access port and generate 802.1X MAC address binding entries. You can also use the dot1x binding-mac mac-address command to manually configure 802.1X MAC address binding entries.
802.1X MAC address binding entries never age out. They can survive a user logoff or a device reboot. To delete an entry, you must use the undo dot1x binding-mac mac-address command.
After the number of 802.1X MAC address binding entries reaches the upper limit of concurrent 802.1X users, the following restrictions exist:
Users not in the binding entries will fail authentication even after users in the binding entries go offline.
New 802.1X MAC address binding entries are not allowed.
When you configure the 802.1X MAC address binding feature on a port, follow these restrictions and guidelines:
The 802.1X MAC address binding feature takes effect only when the port performs MAC-based access control.
Manually configured MAC address binding entries take effect only when the 802.1X MAC address binding feature takes effect.
An 802.1X MAC address binding entry cannot be deleted when the user in the entry is online.
To configure the 802.1X MAC address binding feature on a port:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Enable the 802.1X MAC address binding feature. | dot1x binding-mac enable | By default, the feature is disabled. |
4. Manually configure 802.1X MAC address binding entries. | dot1x binding-mac mac-address | Optional. By default, no 802.1X MAC address binding entries are configured on the port. |