Authentication attempts: successful 1, failed 0
RADIUS-based MAC authentication configuration example
Network requirements
As shown in Figure 34, a host is connected to port Ten-GigabitEthernet 1/1/5 of the device. The device uses RADIUS servers for authentication, authorization, and accounting.
To control user access to the Internet, configure MAC authentication on port Ten-GigabitEthernet 1/1/5,
as follows:
• Configure the device to detect whether a user has gone offline every 180 seconds, and if a user fails authentication, deny the user for 180 seconds.
• Configure all users to belong to the ISP domain 2000.
• Use a shared user account for all users, with the username aaa and password 123456.
Figure 34 Network diagram
Configuration procedure
1. Make sure the RADIUS server and the access device can reach each other.
2. Create a shared account for MAC authentication users on the RADIUS server, and set the username aaa and password 123456 for the account. (Details not shown.)
3. Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
[Device-radius-2000] key accounting simple abc
[Device-radius-2000] user-name-format without-domain
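What the RADIUS scheme above puts on the wire, as an added example that is not part of the original guide: a minimal RFC 2865 Access-Request carrying the shared account, built and then parsed as the server would. It assumes the device uses PAP for MAC authentication; the function names are illustrative and aaa@2000 is a constructed input showing the effect of user-name-format without-domain.

```python
import hashlib, os, struct

ACCESS_REQUEST = 1               # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2  # RADIUS attribute types (RFC 2865)

def _xor_blocks(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += res
        prev = res if hiding else data[i:i + 16]  # always chain on the ciphertext block
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)  # pad with NULs to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\x00"), secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    return _xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(user, password, secret, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    name = user.split("@", 1)[0]  # effect of user-name-format without-domain
    attrs = _attr(USER_NAME, name.encode()) + _attr(
        USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: walk the attributes and recover the PAP password."""
    if (len(packet) < 20 or packet[0] != ACCESS_REQUEST
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        hdr = packet[pos:pos + 2]
        if len(hdr) < 2 or hdr[1] < 2 or pos + hdr[1] > len(packet):
            raise ValueError("bad attribute length")
        attrs[hdr[0]] = packet[pos + 2:pos + hdr[1]]
        pos += hdr[1]
    attrs[USER_PASSWORD] = reveal_password(attrs[USER_PASSWORD], secret, authenticator)
    return attrs

if __name__ == "__main__":  # page values; aaa@2000 is a constructed input
    print(parse_access_request(build_access_request("aaa@2000", "123456", b"abc"), b"abc"))
```

The shared password is protected in transit only by the MD5 keystream derived from the scheme key, so a deployment should replace the three-character key abc with a long random value.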
MAC Addr         Auth state
00e0-fc12-3456   authenticated
[Figure 34: a host is connected to port Ten-GigabitEthernet 1/1/5 (XGE1/1/5) of the device. Other diagram labels: IP network; RADIUS servers (Auth: 10.1.1.1, Acct: 10.1.1.2).]