Including user IP addresses in MAC authentication requests
This feature enables the device to add user IP addresses to the MAC authentication requests that are sent to an IMC server.
Upon receiving an authentication request, the IMC server compares the user IP and MAC addresses in the request with its local IP-MAC mapping of the user. If a match is found, the IMC server verifies the user valid. If no match is found, the user fails the MAC authentication.
The IMC server selects the IP-MAC combination for a MAC authentication user to match in the following order:
The IP and MAC addresses in the IMC platform user account associated with the MAC authentication user.
The IP and MAC addresses that are included in the authentication request. If the server does not have an authenticated IP-MAC record for the user, it determines that the IP-MAC combination of the user is valid. The server will record the IP-MAC combination of the user. If the user IP address is changed at the next authentication, the user cannot pass authentication.
When you configure this feature, follow these guidelines and restrictions:
This feature takes effect only on MAC authentication users who use static IP addresses. Users who obtain IP addresses through DHCP are not affected.
Do not configure this feature together with the MAC authentication guest VLAN on a port. If both features are configured, users in the MAC authentication guest VLAN cannot perform a new round of authentication.
To include user IP addresses in MAC authentication requests:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
3. Include user IP addresses in MAC authentication requests. | mac-authentication carry user-ip | By default, a MAC authentication request does not include the user IP address. |