Radius-Based Mac Authentication Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Guest VLAN
Guest VLAN auth-period
Critical VLAN
Critical voice VLAN
Host mode
Offline detection
Authentication order
Max online users
Authentication attempts
Current online users
MAC address
00e0-fc12-3456
The output shows that Host A has passed MAC authentication and has come online. Host B failed
MAC authentication and its MAC address is marked as a silent MAC address.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in
and accounting for users.
To control user access to the Internet by MAC authentication, perform the following tasks:
•
Enable MAC authentication globally and on GigabitEthernet 1/0/1.
•
Configure the device to detect whether a user has gone offline every 180 seconds.
•
Configure the device to deny a user for 180 seconds if the user fails MAC authentication.
•
Configure all users to belong to the ISP domain bbb.
•
Use a shared user account for all users, with the username aaa and password 123456.
Figure 43 Network diagram
Configuration procedure
1.
Make sure the RADIUS server and the access device can reach each other. (Details not
shown.)
2.
Configure the RADIUS servers:
# Create a shared account for MAC authentication users. (Details not shown.)
# Set the username aaa and password 123456 for the account. (Details not shown.)
3.
Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
: Not configured
: 30 s
: Not configured
: Disabled
: Single VLAN
: Enabled
: Default
: 4294967295
: successful 1, failed 0
: 1
Auth state
Authenticated
Figure
43, the device uses RADIUS servers to perform authentication, authorization,
129
Advertisement
Table of Contents
Troubleshooting
