Slot:
3
Index=52
IP=N/A
IPv6=N/A
MAC=00e0-fc12-3456
Total 1 connection(s) matched on slot 3.
Total 1 connection(s) matched.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in
RADIUS servers for authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 3/0/1 to control Internet access. Make sure the
following requirements are met:
•
The router detects whether a user has gone offline every 180 seconds. If a user fails authentication,
the router does not authenticate the user within 180 seconds.
All MAC authentication users belong to ISP domain 2000 and share the user account aaa with
•
password 123456.
Figure 43 Network diagram
Host
Configuration procedure
1.
Make sure the RADIUS server and the router can reach each other.
2.
Create a shared account for MAC authentication users on the RADIUS server, and set the
username aaa and password 123456 for the account. (Details not shown.)
3.
Configure the router:
# Configure a RADIUS scheme.
<Router> system-view
[Router] radius scheme 2000
[Router-radius-2000] primary authentication 10.1.1.1 1812
[Router-radius-2000] primary accounting 10.1.1.2 1813
[Router-radius-2000] key authentication abc
[Router-radius-2000] key accounting abc
[Router-radius-2000] user-name-format without-domain
, Username=00-15-e9-43-82-73@aabbcc.net
Figure
43, a host connects to port GigabitEthernet 3/0/1 on the router. The router uses
RADIUS servers
Auth:10.1.1.1
Acct:10.1.1.2
GE3/0/1
Router
IP network
119