Task
Display MAC authentication
information.
Clear MAC authentication
statistics.
MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
In the network in
Internet access. Make sure the following requirements are met:
All users belong to domain aabbcc.net.
•
Local users use their MAC address as the username and password for MAC authentication. The
•
MAC addresses are separated by hyphens and in lower case.
The access device detects whether a user has gone offline every 180 seconds. When a user fails
•
authentication, the device does not authenticate the user within 180 seconds.
Figure 46 Network diagram
Configuration procedure
# Add a local user account, set both the username and password to 00-e0-fc- 1 2-34-56, the MAC address
of the user host, and enable LAN access service for the account.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-00-e0-fc-12-34-56] quit
# Configure ISP domain aabbcc.net to perform local authentication for LAN access users.
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Device] mac-authentication
# Enable MAC authentication on port GigabitEthernet 1/0/1.
[Device] mac-authentication interface gigabitethernet 1/0/1
# Specify the ISP domain for MAC authentication.
Command
display mac-authentication [ interface
interface-list ] [ | { begin | exclude | include }
regular-expression ]
reset mac-authentication statistics [ interface
interface-list ]
Figure
46, perform local MAC authentication on port GigabitEthernet 1/0/1 to control
118
Remarks
Available in any
view.
Available in user
view.