Which domain is preferentially used to authenticate users when MAC address authentication is used on the AR router

9

The following domains used in MAC authentication mode are listed in descending order of priority on the AR router:
1. Domain corresponding to the MAC address that is configured by the mac-authen domain mac-address command in the system view 2. Domain configured by the mac-authen domain command in the interface view 3. Domain configured by the mac-authen domain command in the system view 4. Default domain in the system view

Other related questions:
How to configure local authentication for a MAC address authentication user when the user's MAC address is used as the user name for authentication
You can configure local authentication for MAC address authentication users on S series switches (except the S1700). Perform the following operations to configure local authentication for a MAC address authentication user when the user's MAC address is specified as the user name for authentication (the configuration in NAC common mode is used as an example and is applicable to switches running all versions).
1. Configure an AAA scheme and a local account.
[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme a1
[HUAWEI-aaa-authen-a1] authentication-mode local   //Set the user's authentication mode to local authentication.
[HUAWEI-aaa-authen-a1] quit
[HUAWEI-aaa] local-user 000b-09d4-8828 password cipher Huawei@123  //Configure a local account and specify the user's MAC address as the user name.
[HUAWEI-aaa] local-user 000b-09d4-8828 service-type bind   //Configure the access type. You can set the access type of the local authentication user to 802.1x, Bind, PPP, or web.
2. Configure an authentication domain.
[HUAWEI-aaa] domain huawei
[HUAWEI-aaa-domain-huawei] authentication-scheme a1
[HUAWEI-aaa-domain-huawei] quit
[HUAWEI-aaa] quit
[HUAWEI] domain huawei   //Configure the authentication domain huawei as the global default authentication domain.
3. Specify the user's MAC address as the user name for local authentication.
[HUAWEI] mac-authen username macaddress format with-hyphen password cipher Huawei@123
4. Enable MAC address authentication.
[HUAWEI] mac-authen  //Enable MAC address authentication globally.
[HUAWEI] interface gigabitethernet 1/0/1  //Enter the view of the interface connected to the user.
[HUAWEI-GigabitEthernet1/0/1] port link-type access
[HUAWEI-GigabitEthernet1/0/1] port default vlan 10   //Add the interface to the VLAN to which the user belongs.
[HUAWEI-GigabitEthernet1/0/1] mac-authen  //Enable MAC address authentication on the interface.
[HUAWEI-GigabitEthernet1/0/1] quit
For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. Take the configuration on a switch running V200R009 as an example. For details, see "NAC Configuration (Unified Mode) - Example for Configuring MAC Address Authentication (AAA Local Authentication Is Used)" in S1720&S2700&S5700&S6720 V200R009C00 Configuration Guide - User Access and Authentication.

Which domain is used preferentially by 802.1x users
The following domains are listed in descending order of priority: 1. Domain that belongs to the user 2. Default domain in the system view

What is the default management and authentication domain of the AR router
By default, the global administrative domain (authentication domain of the administrator) on the AR router is default_admin. You can run the domain domain-name admin command in the system view to modify the global default administrative domain.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top