RADIUS-based MAC authentication configuration example
Network requirements
As shown in
uses RADIUS servers for authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Make sure of the
following:
The device detects whether a user has gone offline every 180 seconds. If a user fails
•
authentication, the device does not authenticate the user within 180 seconds.
All MAC authentication users belong to ISP domain 2000 and share the user account aaa with
•
password 123456.
Figure 41 RADIUS-based MAC authentication
Make sure that the RADIUS server and the access device can reach each other. Create a shared account
for MAC authentication users on the RADIUS server, and set the username aaa and password 123456
for the account.
Configuration procedure
Configure RADIUS-based MAC authentication on the Router
1.
# Configure a RADIUS scheme.
<Router> system-view
[Router] radius scheme 2000
[Router-radius-2000] primary authentication 10.1.1.1 1812
[Router-radius-2000] primary accounting 10.1.1.2 1813
[Router-radius-2000] key authentication abc
[Router-radius-2000] key accounting abc
[Router-radius-2000] user-name-format without-domain
[Router-radius-2000] quit
Figure
41, a host connects to port GigabitEthernet 1/0/1 on the access device. The device
110