MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
As shown in
Internet access of users on the hosts, as follows:
Configure the device to detect whether a user has gone offline every 180 seconds, and if a user fails
•
authentication, deny the user for 180 seconds.
Configure all users to belong to the ISP domain bbb, and specify local authentication for users in the
•
domain.
Use the MAC address of each user as the username and password for authentication, and require
•
the MAC addresses be hyphenated and in lower case.
Figure 32 Network diagram
Configuration procedure
# Add a network access local user. In this example, configure both the username and password as Host
A's MAC address 00-e0-fc- 1 2-34-56.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56 class network
[Device-luser-network-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
# Specify the LAN access service for the user.
[Device-luser-network-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-network-00-e0-fc-12-34-56] quit
# Configure ISP domain bbb to perform local authentication for LAN users.
[Device] domain bbb
[Device-isp-bbb] authentication lan-access local
[Device-isp-bbb] quit
# Enable MAC authentication on port Ten-GigabitEthernet 1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] mac-authentication
[Device-Ten-GigabitEthernet1/0/1] quit
# Specify the MAC authentication domain as the ISP domain bbb.
[Device] mac-authentication domain bbb
# Configure MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
Figure
32, configure local MAC authentication on Ten-GigabitEthernet 1/0/1 to control
84