ACL Assigning
ACLs assigned by an authorization server are referred to as authorization ACLs, which are designed to
control access to network resources. If the RADIUS server is configured with authorization ACLs, the
device will permit or deny data flows traversing through the port through which a user accesses the
device according to the authorization ACLs. You can change access rights of users by modifying
authorization ACL settings on the RADIUS server.
Configuring MAC Authentication
Configuration Prerequisites
Create and configure an ISP domain.
For local authentication, create the local users and configure the passwords.
For RADIUS authentication, ensure that a route is available between the device and the RADIUS
server, and add the usernames and passwords on the server.
When adding usernames and passwords on the device or server, ensure that:
The type of username and password must be consistent with that used for MAC authentication.
All the letters in the MAC address to be used as the username and password must be in lower
case.
The service type of the local users must be configured as lan-access.
Configuration Procedure
Follow these steps to configure MAC authentication:
To do...
Enter system view
Enable MAC authentication
globally
Enable MAC authentication
for specified ports
Specify the ISP domain for
MAC authentication
Set the offline detect timer
Use the command...
system-view
mac-authentication
mac-authentication interface
interface-list
interface interface-type
interface-number
mac-authentication
quit
mac-authentication domain
isp-name
mac-authentication timer
offline-detect offline-detect-value
1-3
Remarks
—
Required
Disabled by default
Required
Use either approach.
Disabled by default
Optional
The default ISP domain is used
by default.
Optional
300 seconds by default