R3303-HP HSR6800 Routers Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

151

152

153

154

155

156

157

158

159

160

145

Use undo mac-authentication user-name-format to restore the default.

Syntax

mac-authentication user-name-format { fixed [ account name ] [ password { cipher | simple } password ]

| mac-address [ { with-hyphen | without-hyphen } [ lowercase | uppercase ] ] }

undo mac-authentication user-name-format

Default

Each user's MAC address is used as the username and password for MAC authentication, and letters

must be input in lower case. MAC addresses are not hyphenated.

Views

System view

Default command level

2: System level

Parameters

fixed: Uses a shared account for all MAC authentication users.

account name: Specifies the username for the shared account. The name takes a case-insensitive string

of 1 to 55 characters. If no username is specified, the default name mac applies.

password: Specifies the password for the shared user account:

cipher: Sets a ciphertext password.

simple: Sets a plaintext password.

password: Specifies the password. This argument is case sensitive. If simple is specified, it must be a

string of 1 to 63 characters. If cipher is specified, it must be a ciphertext string of 1 to 117 chara c te rs.

mac-address: Uses MAC-based user accounts for MAC authentication users. If this option is specified,

you must create one user account for each user, and use the MAC address of the user as both the

username and password for the account. You can also specify the format of username and password:

• with-hyphen—Hyphenates the MAC address, for example xx-xx-xx-xx-xx-xx.

• without-hyphen—Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.

• lowercase—Enters letters in lower case.

• uppercase—Capitalizes letters.

Usage guidelines

MAC authentication supports the following types of user account:

• One MAC-based user account for each user. A user can pass MAC authentication only when its

MAC address matches a MAC-based user account. This method is suitable for an insecure

environment.

• One shared user account for all users. Any user can pass MAC authentication on any MAC

authentication enabled port. You can use this method in a secure environment to limit network

resources accessible to MAC authentication users, for example, by assigning an authorized ACL or

VLAN for the shared account.

For security purposes, all passwords, including passwords configured in plain text, are saved in cipher

text to the configuration file.