R2511-HP MSR Router Series Security Command Reference(V5)
154
simple: Sets a plaintext password.
password: Specifies the password. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 63 characters. If cipher is specified, it must be a ciphertext string of 1 to 117 c h a racter s.
mac-address: Uses MAC-based user accounts for MAC authentication users. If this option is specified,
you must create one user account for each user, and use the MAC address of the user as both the
username and password for the account. You can also specify the format of username and password:
• with-hyphen—Hyphenates the MAC address, for example xx-xx-xx-xx-xx-xx.
• without-hyphen—Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.
• lowercase—Enters letters in lower case.
• uppercase—Capitalizes letters.
Usage guidelines
MAC authentication supports the following types of user account:
• One MAC-based user account for each user. A user can pass MAC authentication only when its
MAC address matches a MAC-based user account. This method is suitable for an insecure
environment.
• One shared user account for all users. Any user can pass MAC authentication on any MAC
authentication enabled port. You can use this method in a secure environment to limit network
resources accessible to MAC authentication users, for example, by assigning an authorized ACL or
VLAN for the shared account.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher
text to the configuration file.
Examples
# Configure a shared account for MAC authentication users: set the username as abc and password as
xyz, and display the password in plain text.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password simple xyz
# Configure a shared account for MAC authentication users: set the username as abc and password as
$c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg, and display the password in cipher text.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password cipher
$c$3$Uu9Dh4xRKWa8RHW3TFnNTafBbhdPAg
# Use MAC-based user accounts for MAC authentication users, and each MAC address must be
hyphenated, and in upper case.
<Sysname> system-view
[Sysname] mac-authentication user-name-format mac-address with-hyphen uppercase
Related commands
display mac-authentication
reset mac-authentication statistics
Use reset mac-authentication statistics to clear MAC authentication statistics.
Syntax
reset mac-authentication statistics [ interface interface-list ]