HP 6600 Security Configuration Manual page 136

[Sysname-radius-2000] user-name-format without-domain
[Sysname-radius-2000] quit
# Apply the RADIUS scheme to an ISP domain for authentication, authorization, and accounting.
[Sysname] domain 2000
[Sysname-isp-2000] authentication default radius-scheme 2000
[Sysname-isp-2000] authorization default radius-scheme 2000
[Sysname-isp-2000] accounting default radius-scheme 2000
[Sysname-isp-2000] quit
# Enable MAC authentication globally.
[Sysname] mac-authentication
# Specify the ISP domain for MAC authentication.
[Sysname] mac-authentication domain 2000
# Configure the device to use MAC-based user accounts, and the MAC addresses are hyphen
separated and in lowercase.
[Sysname] mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable MAC authentication for port GigabitEthernet 3/0/1.
[Sysname] interface gigabitethernet 3/0/1
[Sysname-GigabitEthernet3/0/1] mac-authentication
4. Configure the RADIUS servers:
Add a user account with 00-e0-fc-12-34-56 as both the username and password on the RADIUS
server, and specify ACL 3000 as the authorization ACL for the user account. (Details not shown.)
Verifying the configuration
# After the host passes authentication, use the display connection command on the router to display
online user information.
[Sysname-GigabitEthernet3/0/1] display connection
Slot: 3
Index=52
IP=N/A
IPv6=N/A
MAC=00e0-fc12-3456
Total 1 connection(s) matched on slot 3.
Total 1 connection(s) matched.
# Ping the FTP server from the host. The output shows that the ACL 3000 has been assigned to port
GigabitEthernet 3/0/1 to deny access to the FTP server.
C:\>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
, Username=00-e0-fc-12-34-56@2000
122