113
Ten-GigabitEthernet1/0/1 is link-up
MAC authentication : Enabled
Authentication domain : Not configured
Auth-delay timer : Disabled
Re-auth server-unreachable : Logoff
Guest VLAN : Not configured
Critical VLAN : Not configured
Host mode : Single VLAN
Max online users : 4294967295
Authentication attempts : successful 1, failed 0
Current online users : 1
MAC address Auth state
00e0-fc12-3456 Authenticated
The output shows that Host A has passed MAC authentication and has come online. Host B failed MAC
authentication and its MAC address is marked as a silent MAC address.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in Figure 35, the device uses RADIUS servers to perform authentication, authorization, and
accounting for users.
To control user access to the Internet by MAC authentication, perform the following tasks:
• Enable MAC authentication globally and on port Ten-GigabitEthernet 1/0/1.
• Configure the device to detect whether a user has gone offline every 180 seconds.
• Configure the device to deny a user for 180 seconds if the user fails MAC authentication.
• Configure all users to belong to the ISP domain bbb.
• Use a shared user account for all users, with the username aaa and password 123 456 .
Figure 35 Network diagram
Configuration procedure
1. Make sure the RADIUS server and the access device can reach each other. (Details not shown.)
2. Configure the RADIUS servers:
# Create a shared account for MAC authentication users. (Details not shown.)
To Next Page
Loading...
Need help?
General