R2511-HP MSR Router Series Security Command Reference(V5)
150
Parameters
domain-name: Specifies an authentication domain name, a case-insensitive string of 1 to 24 characters.
The domain name cannot contain any forward slash (/), colon (:), asterisk (*), question mark (?),
less-than sign (<), greater-than sign (>), or at sign (@).
Usage guidelines
The global authentication domain is applicable to all MAC authentication enabled ports. A port specific
authentication domain is applicable only to the port. You can specify different authentication domains on
different ports.
A port chooses an authentication domain for MAC authentication users in this order: port specific
domain, global domain, and the default authentication domain.
Examples
# Specify the domain1 domain as the global authentication domain for MAC authentication users.
<Sysname> system-view
[Sysname] mac-authentication domain domain1
# Specify the aabbcc domain as the authentication domain for MAC authentication users on port
Ethernet 1/1.
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] mac-authentication domain aabbcc
Related commands
display mac-authentication
mac-authentication host-mode multi-vlan
Use mac-authentication host-mode multi-vlan to enable MAC authentication multi-VLAN mode on a
port.
Use undo mac-authentication host-mode multi-vlan to restore the default.
Syntax
mac-authentication host-mode multi-vlan
undo mac-authentication host-mode multi-vlan
Default
MAC authentication multi-VLAN mode is disabled on a port.
Views
Layer 2 Ethernet interface view
Default command level
2: System level
Usage guidelines
The multi-VLAN mode enables a MAC-authenticated user to forward packets in multiple VLANs on the
port without re-authentication.
By default, a MAC authentication-enabled port forwards packets for an authenticated user only in the
VLAN where the user is authenticated. If the user forwards packets in a different VLAN, the port must
re-authenticate the user. After the user passes re-authentication, the port will update the MAC and VLAN
mapping of the user. For a user that sends various types of traffic (for example, data, video, and audio)