103
Current online user number is 1
MAC Addr Authenticate state Auth Index
00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29
# After the user passes authentication, use the display connection command to display the online user
information.
<Device> display connection
Index=29 ,Username=00-e0-fc-12-34-56@aabbcc.net
MAC=00e0-fc12-3456
IP=N/A
IPv6=N/A
Total 1 connection(s) matched.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in Figure 38, a host connects to the device through port GigabitEthernet 1/0/1. The device
uses RADIUS servers for authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Ensure that:
ï‚· The device detects whether a user has gone offline every 180 seconds. If a user fails authentication,
the device does not authenticate the user within 180 seconds.
ï‚· All MAC authentication users belong to ISP domain 2000 and share the user account aaa with
password 123456.
Figure 38 Network diagram for RADIUS-based MAC authentication
IP network
GE1/0/1
DeviceHost
RADIUS servers
Auth:10.1.1.1
Acct:10.1.1.2
Configuration procedure
NOTE:
Ensure that the RADIUS server and the access device can reach each other. Create a shared account
for MAC authentication users on the RADIUS server, and set the username aaa and password 123456
for the account.
1. Configure RADIUS-based MAC authentication on the device.
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
To Next Page
Loading...
Need help?
General