Mac Authentication Configuration Examples; Local Mac Authentication Configuration - H3C S9500E Series Security Configuration Manual

MAC authentication configuration examples

By default, Ethernet, VLAN, and aggregate interfaces are down. To configure these interfaces, use the
undo shutdown command to bring them up first.

Local MAC authentication configuration

Network requirements
A supplicant is connected to the device through port GigabitEthernet 3/0/1. See Figure 27.
•
Local MAC authentication is required on every port to control user access to the Internet.
•
All users belong to domain aabbcc.net.
•
Local users use their MAC addresses as the usernames and passwords for authentication.
•
Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
Figure 27 Network diagram for local MAC authentication
Configuration procedure
Configure MAC authentication on the device
1.
Add a local user, setting the username and password as 00-e0-fc- 1 2-34-56, the MAC address of
the user.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-00-e0-fc-12-34-56] quit
Configure ISP domain aabbcc.net, and specify that the users in the domain use local
authentication.
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit
Enable MAC authentication globally.
[Device] mac-authentication
Enable MAC authentication for port GigabitEthernet 3/0/1.
[Device] mac-authentication interface gigabitethernet 3/0/1
Specify the ISP domain for MAC authentication.
91