Radius-Based Mac Authentication Configuration Example - HP MSR Series Configuration Manual

Host mode
Max online users
Authentication attempts
Current online users
MAC address
00e0-fc12-3456
The output shows that Host A has passed MAC authentication and has come online. Host B failed
MAC authentication and its MAC address is marked as a silent MAC address.

RADIUS-based MAC authentication configuration example

Network requirements
As shown in
and accounting for users.
To control user access to the Internet by MAC authentication, perform the following tasks:
•
Enable MAC authentication globally and on port GigabitEthernet 2/0/1.
•
Configure the device to detect whether a user has gone offline every 180 seconds.
•
Configure the device to deny a user for 180 seconds if the user fails MAC authentication.
•
Configure all users to belong to the ISP domain bbb.
•
Use a shared user account for all users, with the username aaa and password 123456.
Figure 46 Network diagram
Configuration procedure
1. Make sure the RADIUS server and the access device can reach each other. (Details not
shown.)
2. Configure the RADIUS servers:
# Create a shared account for MAC authentication users. (Details not shown.)
# Set the username aaa and password 123456 for the account. (Details not shown.)
3. Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
[Device-radius-2000] key accounting simple abc
: Single VLAN
: 4096
: successful 1, failed 0
: 1
Auth state
Authenticated
Figure 46, the device uses RADIUS servers to perform authentication, authorization,
129