Specifying a MAC authentication domain

By default, MAC authentication users are in the system default authentication domain. To implement different access policies for users, you can specify authentication domains for MAC authentication users in the following ways:

Specify a global authentication domain in system view. This domain setting applies to all ports.
Specify an authentication domain for an individual port in Layer 2 Ethernet interface view.

MAC authentication chooses an authentication domain for users on a port in this order: the port-specific domain, the global domain, and the default domain. For more information about authentication domains, see "Configuring AAA."

To specify an authentication domain for MAC authentication users:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Specify an authentication domain for MAC authentication users.	(Approach 1) In system view:mac-authentication domain domain-name (Approach 2) In Layer 2 Ethernet interface view: interface interface-type interface-number mac-authentication domain domain-name	Use either approach. By default, the system default authentication domain is used for MAC authentication users.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Specify an authentication domain for MAC authentication users.

(Approach 1) In system view:mac-authentication domain domain-name
(Approach 2) In Layer 2 Ethernet interface view:
1. interface interface-type interface-number
2. mac-authentication domain domain-name

Use either approach.

By default, the system default authentication domain is used for MAC authentication users.

prev	up	next
Configuring MAC authentication on a port	home	Configuring a MAC authentication guest VLAN