H3C S9500E Series Security Configuration Manual page 93
Routing switches
Hide thumbs
Also See for S9500E Series:
- Configuration manual (459 pages) ,
- Command reference manual (225 pages) ,
- Installation manual (154 pages)
Table of Contents
Advertisement
•
The username type of fixed username is used for authentication, with the username being
aaa and password being 123456.
Figure 28
Network diagram for MAC authentication using RADIUS
Configuration procedure
It is required that the RADIUS server and the device are reachable to each other and the username and
password are configured on the server.
Configure MAC authentication on the device
1.
Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
Specify the AAA schemes for the ISP domain.
[Device] domain 2000
[Device-isp-2000] authentication default radius-scheme 2000
[Device-isp-2000] authorization default radius-scheme 2000
[Device-isp-2000] accounting default radius-scheme 2000
[Device-isp-2000] quit
Enable MAC authentication globally.
[Device] mac-authentication
Enable MAC authentication for port GigabitEthernet 3/0/1.
[Device] mac-authentication interface gigabitethernet 3/0/1
Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain 2000
Set the MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
93
Advertisement
Table of Contents
Troubleshooting
