Configuring 802.1X MAC address binding

About 802.1X MAC address binding

This feature can automatically bind MAC addresses of authenticated 802.1X users to the users' access port and generate 802.1X MAC address binding entries. You can also use the dot1x mac-binding mac-address command to manually add 802.1X MAC address binding entries.

802.1X MAC address binding entries never age out. They can survive a user logoff or a device reboot. If users in the 802.1X MAC address binding entries perform 802.1X authentication on another port, they cannot pass authentication.

Restrictions and guidelines

The 802.1X MAC address binding feature takes effect only when the port performs MAC-based access control.

To delete an 802.1X MAC address binding entry, you must use the undo dot1x mac-binding mac-address command. An 802.1X MAC address binding entry cannot be deleted when the user in the entry is online.

After the number of 802.1X MAC address binding entries reaches the upper limit of concurrent 802.1X users (set by using the dot1x max-user command), the following restrictions exist:

Procedure

  1. Enter system view.

    system-view

  2. Enter interface view.

    interface interface-type interface-number

  3. Enable the 802.1X MAC address binding feature.

    dot1x mac-binding enable

    By default, the feature is disabled.

  4. (Optional.) Manually add an 802.1X MAC address binding entry.

    dot1x mac-binding mac-address

    By default, no 802.1X MAC address binding entries exist on a port.