Silent MAC users:
Ten-GigabitEthernet1/0/1
MAC authentication
Authentication domain
Auth-delay timer
Re-auth server-unreachable : Logoff
Guest VLAN
Critical VLAN
Host mode
Max online users
Authentication attempts
Current online users
ACL assignment configuration example
Network requirements
As shown in
Use RADIUS servers to perform authentication, authorization, and accounting for users.
•
Perform MAC authentication on port Ten-GigabitEthernet 1/0/1 to control Internet access.
•
Use MAC-based user accounts for MAC authentication users. Each MAC address is in the
•
hexadecimal notation with hyphens, and letters are in lower case.
Use an ACL to deny authenticated users to access the FTP server at 10.0.0.1.
•
Figure 36 Network diagram
Configuration procedure
Make sure the RADIUS servers and the access device can reach each other.
1.
Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
MAC address
VLAN ID
is link-up
MAC address
Auth state
00e0-fc12-3456
Authenticated
Figure
36, configure the device to meet the following requirements:
From port
: Enabled
: Not configured
: Disabled
: Not configured
: Not configured
: Single VLAN
: 4294967295
: successful 1, failed 0
: 1
115
Port index