MAC Authentication Configuration Examples 743
[Sysname] domain aabbcc.net
[Sysname-isp-aabbcc.net] authentication lan-access local
[Sysname-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Sysname] mac-authentication
# Enable MAC authentication for port GigabitEthernet 1/0/1.
[Sysname] mac-authentication interface GigabitEthernet 1/0/1
# Specify the ISP domain for MAC authentication.
[Sysname] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
[Sysname] mac-authentication timer offline-detect 180
[Sysname] mac-authentication timer quiet 3
[Sysname] mac-authentication user-name-format fixed account aaa password simple 123456
1 Verify the configuration
# Display global MAC authentication information.
<Sysname> display mac-authentication
MAC address authentication is Enabled.
User name format is fixed account
Fixed username:aaa
Fixed password:123456
Offline detect period is 180s
Quiet period is 60s.
Server response timeout value is 100s
The max allowed user number is 1024 per slot
Current user number amounts to 1
Current domain is aabbcc.net
Silent Mac User info:
MAC ADDR From Port Port Index
GigabitGigabitEthernet1/0/1 is link-up
MAC address authentication is Enabled
Authenticate success: 1, failed: 0
Current online user number is 1
MAC ADDR Authenticate state AuthIndex
00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29
RADIUS-Based MAC
Authentication
Configuration Example
Network requirements
As illustrated in Figure 225, a host is connected to the device through port
GigabitEthernet 1/0/1. The device authenticates the host through the RADIUS
server.
■ MAC authentication is required on every port to control user access to the
Internet.
■ Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
To Next Page
Loading...
