Login
- Table of Contents
-
- 09 Security Command Reference
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-MAC authentication commands
- 04-Portal commands
- 05-Port security commands
- 06-Password control commands
- 07-Public key management commands
- 08-PKI commands
- 09-IPsec commands
- 10-SSH commands
- 11-SSL commands
- 12-IP source guard commands
- 13-ARP attack protection commands
- 14-MFF commands
- 15-uRPF commands
- 16-Crypto engine commands
- 17-FIPS commands
- 18-Attack detection and prevention commands
- 19-ND attack defense commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-MAC authentication commands | 140.71 KB |
Contents
display mac-authentication connection
mac-authentication carry user-ip
mac-authentication critical vlan
mac-authentication guest-vlan auth-period
mac-authentication re-authenticate server-unreachable keep-online
mac-authentication timer auth-delay
mac-authentication user-name-format
reset mac-authentication critical-vlan
reset mac-authentication guest-vlan
reset mac-authentication statistics
display mac-authentication
Use display mac-authentication to display MAC authentication settings and statistics. The output includes the global settings, port-specific settings, MAC authentication statistics, and online user statistics.
Syntax
display mac-authentication [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If you do not specify a port, this command displays all global and port-specific MAC authentication information.
Examples
# Display all MAC authentication settings and statistics.
<Sysname> display mac-authentication
Global MAC authentication parameters:
MAC authentication : Enabled
User name format : MAC address in lowercase(xxxxxxxxxxxx)
Username : mac
Password : Not configured
Offline detect period : 300 s
Quiet period : 60 s
Server timeout : 100 s
Authentication domain : Not configured, use default domain
Max MAC-auth users : 4294967295 per slot
Online MAC-auth users : 0
Silent MAC users:
MAC address VLAN ID From port Port index
FortyGigE1/1/1 is link-up
MAC authentication : Enabled
Carry User-IP : Enabled
Authentication domain : Not configured
Auth-delay timer : Disabled
Re-auth server-unreachable : Logoff
Guest VLAN : Not configured
Guest VLAN auth-period : 150 s
Critical VLAN : Not configured
Host mode : Single VLAN
Max online users : 4294967295
Authentication attempts : successful 0, failed 0
Current online users : 0
MAC address Auth state
Table 1 Command output
|
Field |
Description |
|
MAC authentication |
Whether MAC authentication is enabled globally. |
|
Username format |
User account type: MAC-based or shared. · If MAC-based accounts are used, this field displays the format settings for the username. For example, MAC address in lowercase(xxxxxxxxxxxx) indicates that the MAC address is in the hexadecimal notation without hyphens, and letters are in lower case. · If a shared account is used, this field displays Fixed account. |
|
Username: |
Username for MAC authentication. · If MAC-based accounts are used, this field displays mac. The device uses the MAC address of each user as the username and password for MAC authentication. · If a shared account is used, this field displays the username of the shared account for MAC authentication users. By default, the username is mac. |
|
Password: |
Password for MAC authentication. · If MAC-based accounts are used or if a shared account is used but no password is configured, this field displays Not configured. · If a shared account is used and a password is configured, this field displays a string of asterisks (******). |
|
Offline detect period |
Offline detect timer. |
|
Quiet period |
Quiet timer. |
|
Server timeout |
Server timeout timer. |
|
Authentication domain |
MAC authentication domain specified in system view. If no authentication domain is specified in system view, this field displays Not configured, use default domain. |
|
Max MAC-auth users |
Maximum number of MAC authentication users each device supports. |
|
Online MAC-auth users |
Number of online MAC authentication users. |
|
Silent MAC users |
Information about silent MAC addresses. |
|
MAC address |
Silent MAC address. |
|
VLAN ID |
ID of the VLAN to which the silent MAC address belongs. |
|
From port |
Name of the port that marks the MAC address as a silent MAC address. |
|
Port index |
Index of the port that marks the MAC address as a silent MAC address. |
|
FortyGigE1/1/1 is link-up |
Status of the link on port FortyGigE 1/1/1. In this example, the link is up. |
|
MAC authentication |
Whether MAC authentication is enabled on the port. |
|
Carry User-IP |
Whether user IP addresses are included in MAC authentication requests. |
|
Authentication domain |
MAC authentication domain specified for the port. |
|
Auth-delay timer |
Status of MAC authentication delay: · Enabled. · Disabled. |
|
Auth-delay period |
MAC authentication delay timer. |
|
Re-auth server-unreachable |
Whether to log off online users or keep them online when no server is reachable for MAC reauthentication. |
|
Guest VLAN |
MAC authentication guest VLAN configured on the port. If no MAC authentication guest VLAN is configured, this field displays Not configured. |
|
Guest VLAN auth-period |
Interval at which the device authenticates users in the MAC authentication guest VLAN on the port. |
|
Critical VLAN |
MAC authentication critical VLAN configured on the port. If no MAC authentication critical VLAN is configured, this field displays Not configured. |
|
Host mode |
If multi-VLAN mode is disabled, this field displays Single VLAN. If multi-VLAN mode is enabled, this field displays Multiple VLAN. |
|
Max online users |
Maximum number of concurrent online users allowed on the port. |
|
Authentication attempts: successful 1, failed 0 |
MAC authentication statistics, including the number of successful and unsuccessful authentication attempts. |
|
MAC address |
MAC address of the online user. |
|
Auth state |
User status: · Authenticated—The user has passed MAC authentication. · Unauthenticated—The user failed MAC authentication. |
display mac-authentication connection
Use display mac-authentication connection to display information about online MAC authentication users.
Syntax
display mac-authentication connection [ interface interface-type interface-number | slot slot-number | user-mac mac-addr | user-name user-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If you do not specify a port, this command displays information about the online MAC authentication users on all ports.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about the online MAC authentication users on all member devices in the IRF fabric.
user-mac mac-addr: Specifies an online MAC authentication user by its MAC address. The mac-addr argument represents the MAC address of the user, in the form of H-H-H.
user-name user-name: Specifies an online MAC authentication user by its username. The user name is a case-sensitive string of 1 to 55 characters, and it can include the domain name.
Examples
# Display information about all online MAC authentication users.
<Sysname> display mac-authentication connection
Slot ID: 1
User MAC address: 0015-e9a6-7cfe
Access interface: FortyGigE1/1/1
Username: ias
Authentication domain: h3c
Initial VLAN: 1
Authorization untagged VLAN: 100
Authorization ACL ID: 3001
Authorization user profile: N/A
Termination action: Radius-request
Session timeout period: 2 s
Online from: 2013/03/02 13:14:15
Online duration: 0h 2m 15s
Total 1 connection(s) matched.
Table 2 Command output
|
Field |
Description |
|
Slot ID |
Member ID of a device. |
|
User MAC address |
MAC address of the user. |
|
Access interface |
Interface through which the user accesses the device. |
|
Authentication domain |
MAC authentication domain to which the user belongs. |
|
Initial VLAN |
VLAN that holds the user before MAC authentication. |
|
Authorization untagged VLAN |
Untagged VLAN authorized to the user. |
|
Authorization ACL ID |
ACL authorized to the user. |
|
Authorization user profile |
User profile authorized to the user. The device does not support this field in the current software version. |
|
Termination action |
Action attribute assigned by the server when the session timeout timer expires. The following server-assigned action attributes are available: · Default—Logs off the online authenticated user when the session timeout timer expires. · Radius-request—Reauthenticates the online user when the session timeout timer expires. If the device performs local authentication, this field displays N/A. |
|
Session timeout period |
Session timeout timer assigned by the server. If the device performs local authentication, this field displays N/A. |
|
Online from |
Time from which the MAC authentication user came online. |
|
Online duration |
Online duration of the MAC authentication user. |
|
Total 1 connection(s) matched |
Total number of online MAC authentication users. |
mac-authentication
Use mac-authentication to enable MAC authentication globally or on a port.
Use undo mac-authentication to disable MAC authentication globally or on a port.
Syntax
mac-authentication
undo mac-authentication
Default
MAC authentication is not enabled globally or on any port.
Views
System view, Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
To use MAC authentication on a port, you must enable the feature both globally and on the port.
Examples
# Enable MAC authentication globally.
<Sysname> system-view
[Sysname] mac-authentication
# Enable MAC authentication on port FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication
Related commands
display mac-authentication
mac-authentication carry user-ip
Use mac-authentication carry user-ip to include user IP addresses in MAC authentication requests sent to an IMC server.
Use undo mac-authentication carry user-ip to restore the default.
Syntax
mac-authentication carry user-ip
undo mac-authentication carry user-ip
Default
A MAC authentication request does not include the user IP address.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on MAC authentication users who use static IP addresses. It prevents those users from modifying their IP addresses to access the network. Users who obtain IP addresses through DHCP are not affected.
Do not configure this command together with the mac-authentication guest-vlan command on a port. If both commands are configured, users in the MAC authentication guest VLAN cannot perform a new round of authentication.
Examples
# Include user IP addresses in MAC authentication requests on FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication carry user-ip
Related commands
mac-authentication
mac-authentication critical vlan
Use mac-authentication critical vlan to specify the MAC authentication critical VLAN on a port.
Use undo mac-authentication critical vlan to restore the default.
Syntax
mac-authentication critical vlan critical-vlan-id
undo mac-authentication critical vlan
Default
No MAC authentication critical VLAN is configured on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
critical-vlan-id: Specifies a VLAN as the MAC authentication critical VLAN. The value range for the VLAN ID is 1 to 4094. Make sure the VLAN has been created and is not a super VLAN. For more information about super VLANs, see Layer 2—LAN Switching Configuration Guide.
Usage guidelines
The MAC authentication critical VLAN accommodates users who fail MAC authentication because all the servers in their ISP domains are unreachable. Users in this critical VLAN can access a limited set of network resources.
The critical VLAN feature takes effect when MAC authentication is performed only through RADIUS servers. If a MAC authentication user fails local authentication after RADIUS authentication, the user is not assigned to the critical VLAN.
Before you delete a VLAN that has been set as a MAC authentication critical VLAN, use the undo mac-authentication critical vlan command to remove the critical VLAN configuration.
Examples
# Configure VLAN 100 as the MAC authentication critical VLAN on FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication critical vlan 100
Related commands
· display mac-authentication
· reset mac-authentication critical-vlan
mac-authentication domain
Use mac-authentication domain to specify a global or port-specific authentication domain.
Use undo mac-authentication domain to restore the default.
Syntax
mac-authentication domain domain-name
undo mac-authentication domain
Default
No authentication domain is specified for MAC authentication users. The system default authentication domain is used. For more information about the default authentication domain, see the domain default enable command in "AAA commands."
Views
System view, Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the name of an ISP domain, a case-insensitive string of 1 to 24 characters.
Usage guidelines
The global authentication domain applies to all MAC authentication-enabled ports. A port-specific authentication domain applies only to the port. You can specify different authentication domains on different ports.
A port chooses an authentication domain for MAC authentication users in the following order:
1. Authentication domain specified on the port.
2. Global authentication domain specified in system view.
3. Default authentication domain.
Examples
# Specify domain domain1 as the global MAC authentication domain.
<Sysname> system-view
[Sysname] mac-authentication domain domain1
# Specify domain aabbcc as the MAC authentication domain on port FortyGigE 1/1/1.
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication domain aabbcc
Related commands
· display mac-authentication
· domain default enable
mac-authentication guest-vlan
Use mac-authentication guest-vlan to specify the MAC authentication guest VLAN on a port.
Use undo mac-authentication guest-vlan to restore the default.
Syntax
mac-authentication guest-vlan guest-vlan-id
undo mac-authentication guest-vlan
Default
No MAC authentication guest VLAN is configured on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
guest-vlan-id: Specifies a VLAN as the MAC authentication guest VLAN. The value range for the VLAN ID is 1 to 4094. Make sure the VLAN has been created and is not a super VLAN. For more information about super VLANs, see Layer 2—LAN Switching Configuration Guide.
Usage guidelines
The MAC authentication guest VLAN accommodates MAC authentication users who have failed MAC authentication on the port. Users in the VLAN can access a limited set of network resources, such as a software server, to download antivirus software and system patches. If no MAC authentication guest VLAN is configured, the user who fails MAC authentication cannot access any network resources.
Before you delete a VLAN that has been set as a MAC authentication guest VLAN, use the undo mac-authentication guest-vlan command to remove the guest VLAN configuration.
Examples
# Configure VLAN 100 as the MAC authentication guest VLAN on port FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication guest-vlan 100
Related commands
· display mac-authentication
· reset mac-authentication guest-vlan
mac-authentication guest-vlan auth-period
Use mac-authentication guest-vlan auth-period to set the interval at which the device authenticates users in the MAC authentication guest VLAN.
Use undo mac-authentication guest-vlan auth-period to restore the default.
Syntax
mac-authentication guest-vlan auth-period period-value
undo mac-authentication guest-vlan auth-period
Default
The device authenticates users in the MAC authentication guest VLAN every 30 seconds.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
period-value: Sets the interval at which the device authenticates users in the MAC authentication guest VLAN. The value range is 1 to 3600 seconds.
Examples
# Set the authentication interval to 150 seconds for users in the MAC authentication guest VLAN on FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication guest-vlan auth-period 150
Related commands
· display mac-authentication
· mac-authentication guest-vlan
mac-authentication host-mode
Use mac-authentication host-mode multi-vlan to enable MAC authentication multi-VLAN mode on a port.
Use undo mac-authentication host-mode to restore the default.
Syntax
mac-authentication host-mode multi-vlan
undo mac-authentication host-mode
Default
MAC authentication multi-VLAN mode is disabled on a port. When the port receives a packet sourced from an authenticated MAC address in a VLAN not matching the existing MAC-VLAN mapping, the device logs off and reauthenticates the user.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
The MAC authentication multi-VLAN mode prevents an authenticated online user from service interruption caused by VLAN changes on a port. When the port receives a packet sourced from the user in a VLAN not matching the existing MAC-VLAN mapping, the device neither logs off the user nor reauthenticates the user. The device creates a new MAC-VLAN mapping for the user, and traffic transmission is not interrupted. The original MAC-VLAN mapping for the user remains on the device until it dynamically ages out. H3C recommends that you configure this feature on hybrid or trunk ports.
This feature improves transmission of data that is vulnerable to delay and interference. It is typically applicable to IP phone users.
Examples
# Enable MAC authentication multi-VLAN mode on FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication host-mode multi-vlan
Related commands
display mac-authentication
mac-authentication max-user
Use mac-authentication max-user to set the maximum number of concurrent MAC authentication users on a port.
Use undo mac-authentication max-user to restore the default.
Syntax
mac-authentication max-user user-number
undo mac-authentication max-user
Default
The maximum number of concurrent MAC authentication users on a port is 4294967295.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
user-number: Sets the maximum number of concurrent MAC authentication users on the port. The value range for this argument is 1 to 4294967295.
Examples
# Configure port FortyGigE 1/1/1 to support a maximum of 32 concurrent MAC authentication users.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication max-user 32
Related commands
display mac-authentication
mac-authentication re-authenticate server-unreachable keep-online
Use mac-authentication re-authenticate server-unreachable keep-online to enable the keep-online feature on a port. This feature keeps authenticated MAC authentication users online when no server is reachable for MAC reauthentication.
Use undo mac-authentication re-authenticate server-unreachable to restore the default.
Syntax
mac-authentication re-authenticate server-unreachable keep-online
undo mac-authentication re-authenticate server-unreachable
Default
The keep-online feature is disabled. The device logs off online MAC authentication users if no server is reachable for MAC reauthentication.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only after the server assigns the Radius-request action attribute to the authenticated MAC authentication user (see "display mac-authentication connection"). The access device will reauthenticate the user when the session timeout timer expires.
Examples
# Enable the keep-online feature for authenticated MAC authentication users on FortyGigE 1/1/1.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication re-authenticate server-unreachable keep-online
Related commands
display mac-authentication
mac-authentication timer
Use mac-authentication timer to set the MAC authentication timers.
Use undo mac-authentication timer to restore the defaults.
Syntax
mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value | server-timeout server-timeout-value }
undo mac-authentication timer { offline-detect | quiet | server-timeout }
Default
The offline detect timer is 300 seconds, the quiet timer is 60 seconds, and the server timeout timer is 100 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
offline-detect offline-detect-value: Sets the offline detect timer in the range of 60 to 65535, in seconds.
quiet quiet-value: Sets the quiet timer in the range of 1 to 3600, in seconds.
server-timeout server-timeout-value: Sets the server timeout timer in the range of 100 to 300, in seconds.
Usage guidelines
MAC authentication uses the following timers:
· Offline detect timer—Sets the interval that the device waits for traffic from a user before the device regards the user idle. If a user connection has been idle within the interval, the device logs the user out and stops accounting for the user.
· Quiet timer—Sets the interval that the device must wait before the device can perform MAC authentication for a user who has failed MAC authentication. All packets from the MAC address are dropped during the quiet time. This quiet mechanism prevents repeated authentication from affecting system performance.
· Server timeout timer—Sets the interval that the device waits for a response from a RADIUS server before the device regards the RADIUS server unavailable. If the timer expires during MAC authentication, the user cannot access the network.
Examples
# Set the server timeout timer to 150 seconds.
<Sysname> system-view
[Sysname] mac-authentication timer server-timeout 150
Related commands
display mac-authentication
mac-authentication timer auth-delay
Use mac-authentication timer auth-delay to enable MAC authentication delay and set the delay time.
Use undo mac-authentication timer auth-delay to restore the default.
Syntax
mac-authentication timer auth-delay time
undo mac-authentication timer auth-delay
Default
MAC authentication delay is disabled.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
time: Sets the delay time for MAC authentication in seconds. The value range is 1 to 180.
Usage guidelines
When both 802.1X authentication and MAC authentication are enabled on a port, you can delay MAC authentication so that 802.1X authentication is preferentially triggered. If no 802.1X authentication is triggered or if 802.1X authentication fails within the delay period, the port continues to process MAC authentication.
Do not set the port security mode to mac-else-userlogin-secure or mac-else-userlogin-secure-ext when you want to use MAC authentication delay. The delay does not take effect on a port in either of the two modes. For more information about port security modes, see "Port security commands."
Examples
# Enable MAC authentication delay on interface FortyGigE 1/1/1, and set the delay time to 10 seconds.
<Sysname> system-view
[Sysname] interface fortygige 1/1/1
[Sysname-FortyGigE1/1/1] mac-authentication timer auth-delay 10
Related commands
· display mac-authentication
· port-security port-mode
mac-authentication user-name-format
Use mac-authentication user-name-format to configure the type of user accounts for MAC authentication users.
Use undo mac-authentication user-name-format to restore the default.
Syntax
mac-authentication user-name-format { fixed [ account name ] [ password { cipher | simple } password ] | mac-address [ { with-hyphen | without-hyphen } [ lowercase | uppercase ] ] }
undo mac-authentication user-name-format
Default
Each user's MAC address is used as the username and password for MAC authentication. A MAC address is in the hexadecimal notation without hyphens, and letters are in lower case.
Views
System view
Predefined user roles
network-admin
Parameters
fixed: Uses a shared account for all MAC authentication users.
account name: Specifies the username for the shared account. The name takes a case-sensitive string of 1 to 55 characters, excluding the at sign (@). If you do not specify a username, the default name mac applies.
password: Specifies the password for the shared user account:
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
password: Specifies the password. This argument is case sensitive.
· If the simple keyword is specified, the password must be a string of 1 to 117 characters.
· If the cipher keyword is specified, the password must be a ciphertext string of 1 to 88 characters.
mac-address: Uses MAC-based user accounts for MAC authentication users. You can also specify the format of username and password by using the following keywords:
· with-hyphen: Includes hyphens in the MAC address, for example xx-xx-xx-xx-xx-xx.
· without-hyphen: Excludes hyphens from the MAC address, for example, xxxxxxxxxxxx.
· lowercase: Enters letters in lower case.
· uppercase: Enters letters in upper case.
Usage guidelines
If you specify the MAC-based user account, the device uses the MAC address of a user as the username and password for MAC authentication of the user. This user account type ensures high authentication security. However, you must create on the authentication server a user account for each user, using the MAC address of the user as both the username and password.
If you specify a shared user account, the device uses the specified username and password for MAC authentication of all users. Because all MAC authentication users use a single account for authentication, you only need to create one account on the authentication server. This user account type is suitable for trusted networks.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.
Examples
# Configure a shared account for MAC authentication users, set the username as abc and password as plaintext string of xyz.
<Sysname> system-view
[Sysname] mac-authentication user-name-format fixed account abc password simple xyz
# Use MAC-based user accounts for MAC authentication users. Each MAC address must be in the hexadecimal notation with hyphens, and letters are in upper case.
<Sysname> system-view
[Sysname] mac-authentication user-name-format mac-address with-hyphen uppercase
display mac-authentication
reset mac-authentication critical-vlan
Use reset mac-authentication critical-vlan to remove users from the MAC authentication critical VLAN on a port.
Syntax
reset mac-authentication critical-vlan interface interface-type interface-number [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
mac-address mac-address: Specifies a user by its MAC address.
Examples
# Remove the user with MAC address 1-1-1 from the MAC authentication critical VLAN on FortyGigE 1/1/1.
<Sysname> reset mac-authentication critical-vlan interface fortygige 1/1/1 mac-address 1-1-1
Related commands
· display mac-authentication
· mac-authentication critical vlan
reset mac-authentication guest-vlan
Use reset mac-authentication guest-vlan to remove users from the MAC authentication guest VLAN on a port.
Syntax
reset mac-authentication guest-vlan interface interface-type interface-number [ mac-address mac-address ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
mac-address mac-address: Specifies a user by its MAC address.
Examples
# Remove the user with MAC address 1-1-1 from the MAC authentication guest VLAN on FortyGigE 1/1/1.
<Sysname> reset mac-authentication guest-vlan interface fortygige 1/1/1 mac-address 1-1-1
Related commands
· display mac-authentication
· mac-authentication guest-vlan
reset mac-authentication statistics
Use reset mac-authentication statistics to clear MAC authentication statistics.
Syntax
reset mac-authentication statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If you do not specify a port, this command clears all global and port-specific MAC authentication statistics.
Examples
# Clear MAC authentication statistics on port FortyGigE 1/1/1.
<Sysname> reset mac-authentication statistics interface fortygige 1/1/1
Related commands
display mac-authentication
