MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
In the network in
Internet access. Ensure that:
All users belong to domain aabbcc.net.
•
•
Local users use their MAC address as the username and password for MAC authentication. The
MAC addresses are hyphen separated and in lower case.
The access device detects whether a user has gone offline every 180 seconds. When a user fails
•
authentication, the device does not authenticate the user within 180 seconds.
Figure 30 Network diagram for local MAC authentication
Configuration procedure
1.
Configure local MAC authentication
# Add a local user account, set both the username and password to 00-e0-fc- 1 2-34-56, the MAC address
of the user host, and enable LAN access service for the account.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-00-e0-fc-12-34-56] quit
# Configure ISP domain aabbcc.net, and perform local authentication for LAN access users.
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Device] mac-authentication
# Enable MAC authentication for port GigabitEthernet 1/0/1.
[Device] mac-authentication interface gigabitethernet 1/0/1
# Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and
passwords are hyphenated and in lowercase.
Figure
35, perform local MAC authentication on port GigabitEthernet 1/0/1 to control
102