130
Server timeout : 100 s
Reauth period : 3600 s
Authentication domain : bbb
Online MAC-auth users : 1
Silent MAC users:
MAC address VLAN ID From port Port index
00e0-fc11-1111 8 XGE1/0/1 1
Ten-GigabitEthernet1/0/1 is link-up
MAC authentication : Enabled
Carry User-IP : Disabled
Authentication domain : Not configured
Auth-delay timer : Disabled
Periodic reauth : Disabled
Re-auth server-unreachable : Logoff
Guest VLAN : Not configured
Guest VLAN auth-period : 30 s
Critical VLAN : Not configured
Critical voice VLAN : Disabled
Host mode : Single VLAN
Offline detection : Enabled
Authentication order : Default
Max online users : 4294967295
Authentication attempts : successful 1, failed 0
Current online users : 1
MAC address Auth state
00e0-fc12-3456 Authenticated
The output shows that Host A has passed MAC authentication and has come online. Host B failed
MAC authentication and its MAC address is marked as a silent MAC address.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in Figure 38, the device uses RADIUS servers to perform authentication, authorization,
and accounting for users.
To control user access to the Internet by MAC authentication, perform the following tasks:
• Enable MAC authentication globally and on Ten-GigabitEthernet 1/0/1.
• Configure the device to detect whether a user has gone offline every 180 seconds.
• Configure the device to deny a user for 180 seconds if the user fails MAC authentication.
• Configure all users to belong to ISP domain bbb.
• Use a shared user account for all users, with username aaa and password 123456.