< Home

bind user-group mac-group

Function

The bind user-group mac-group command binds a user group to a MAC address group.

The undo bind user-group mac-group command cancels the binding between a user group and a MAC address group.

Format

bind user-group user-group-name mac-group mac-group-name

undo bind user-group user-group-name mac-group mac-group-name

Parameters

Parameter Description Value
user-group-name Specifies the name of a user group.

The value is a string of case-insensitive characters. If the user group name does not contain any space or question mark (?), the length is 2 to 225 characters; if the user group name contains spaces or question marks (?), the length is 4 to 227 characters and you must enclose the name with double quotation marks. For example, "/group for test". If the user group name has spaces at the start or end, the system automatically removes the spaces when saving the name.
mac-group-name Indicates the name of a MAC address group.

The value is a string of case-insensitive characters. If the MAC address group name does not contain any space or question mark (?), the length is 1 to 63 characters; if the MAC address group name contains spaces or question marks (?), the length is 3 to 65 characters and you must enclose the name with double quotation marks. For example, "mac group test". If the MAC address group name has spaces at the start or end, the system automatically removes the spaces when saving the name.

Views

Virtual gateway security view

Default Level

2: Configuration level

Usage Guidelines

In a MAC address authentication scenario, the binding relationship between a user group and a MAC address group needs to be configured on the SSL VPN virtual gateway. When a user's authentication request carrying the MAC address reaches the virtual gateway, the virtual gateway searches for the user group to which the user belongs based on the user name and then locates the MAC address group based on the binding relationship between the user group and the MAC address group. If the MAC address of the user can be found in the MAC address group, the user passes the authentication and can go online normally. If the MAC address cannot be found, the user fails the authentication, and the virtual gateway rejects the user's login request.

Example

# Bind user group user-group1 to MAC address group mac-group1.

<sysname> system-view
[sysname] v-gateway gateway
[sysname-gateway] security
[sysname-gateway-security] bind user-group user-group1 mac-group mac-group1
Parent Topic: Virtual Gateway Authentication and Authorization Configuration Command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >