mac-authentication user-name-format
Syntax
mac-authentication user-name-format { fixed [ account name ] [ password { cipher | simple } password ] | mac-address [ { with-hyphen | without-hyphen } [ lowercase | uppercase ] ] }
undo mac-authentication user-name-format
View
System view
Default level
2: System level
Parameters
fixed: Uses a shared account for all MAC authentication users.
account name: Specifies the username for the shared account. The name takes a case-insensitive string of 1 to 55 characters. If no username is specified, the default name mac applies.
password: Specifies the password for the shared user account.
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
password: Specifies the password. This argument is case sensitive. If simple is specified, the password must be a string of 1 to 63 characters. If cipher is specified, the password must be a ciphertext string of 1 to 117 characters.
mac-address: Uses MAC-based user accounts for MAC authentication users. If this option is specified, you must create one user account for each user, and use the MAC address of the user as both the username and password for the account. You can also specify the format of username and password:
with-hyphen—Hyphenates the MAC address, for example xx-xx-xx-xx-xx-xx.
without-hyphen—Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.
lowercase—Enters letters in lower case.
uppercase—Capitalizes letters.
Description
Use mac-authentication user-name-format to configure the type of user accounts for MAC authentication users.
Use undo mac-authentication user-name-format to restore the default.
By default, each user's MAC address is used as the username and password for MAC authentication, and letters must be input in lower case without hyphens.
MAC authentication supports the following types of user account:
One MAC-based user account for each user. A user can pass MAC authentication only when its MAC address matches a MAC-based user account. This approach is suitable for an insecure environment.
One shared user account for all users. Any user can pass MAC authentication on any MAC authentication enabled port. You can use this approach in a secure environment to limit network resources accessible to MAC authentication users, for example, by assigning an authorized ACL or VLAN for the shared account.
The configuration file saves the password for a shared user account in cipher text, regardless of whether it is specified in cipher text or plain text.
Related commands: display mac-authentication.
Examples
# Configure a shared account for MAC authentication users: set the username as abc and password as xyz in plain text.
<Sysname> system-view [Sysname] mac-authentication user-name-format fixed account abc password simple xyz
# Configure a shared account for MAC authentication users: set the username as abc and password as a ciphertext string of $c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg.
<Sysname> system-view [Sysname] mac-authentication user-name-format fixed account abc password cipher $c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg
# Use MAC-based user accounts for MAC authentication users, and each MAC address must be hyphenated, and in upper case.
<Sysname> system-view [Sysname] mac-authentication user-name-format mac-address with-hyphen uppercase