dot1x binding-mac enable
Syntax
dot1x binding-mac enable
undo dot1x binding-mac enable
View
Layer 2 Ethernet interface view
Default level
2: System level
Parameters
None
Description
Use dot1x binding-mac enable to enable the 802.1X MAC address binding feature.
Use undo dot1x binding-mac enable to restore the default.
By default, the 802.1X MAC address binding feature is disabled.
This command takes effect on a port only when the port performs MAC-based access control.
The 802.1X MAC address binding feature automatically binds MAC addresses of authenticated 802.1X users to the users' access port and generates 802.1X MAC address binding entries.
802.1X MAC address binding entries, both automatically generated and manually configured, never age out. They can survive a user logoff or a device reboot. To delete an entry, you must use the undo dot1x binding-mac mac-address command. An 802.1X MAC address binding entry cannot be deleted when the user in the entry is online.
After the number of 802.1X MAC address binding entries reaches the upper limit of concurrent 802.1X users (set by using the dot1x max-user command), the following restrictions exist:
Users not in the binding entries will fail authentication even after the users in the binding entries go offline.
New 802.1X MAC address binding entries are not allowed.
Related commands: dot1x binding-mac mac-address
Examples
# Enable 802.1X MAC address binding on Ethernet 1/0/1.
<Sysname> system-view [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] dot1x binding-mac enable