Table of Contents
Advertisement
Figure 36 Network diagram
Configuration procedure
1.
Make sure the RADIUS server and the access device can reach each other. (Details not
shown.)
2.
Configure the RADIUS servers:
# Create a shared account for MAC authentication users. (Details not shown.)
# Set the username aaa and password 123456 for the account. (Details not shown.)
3.
Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
[Device-radius-2000] key accounting simple abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
# Apply the RADIUS scheme to ISP domain bbb for authentication, authorization, and
accounting.
[Device] domain bbb
[Device-isp-bbb] authentication default radius-scheme 2000
[Device-isp-bbb] authorization default radius-scheme 2000
[Device-isp-bbb] accounting default radius-scheme 2000
[Device-isp-bbb] quit
# Enable MAC authentication on port FortyGigE 1/1/1.
[Device] interface fortygige 1/1/1
[Device-FortyGigE1/1/1] mac-authentication
[Device-FortyGigE1/1/1] quit
# Specify the MAC authentication domain as the ISP domain bbb.
[Device] mac-authentication domain bbb
# Set MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
# Specify username aaa and password 123456 in plain text for the account shared by MAC
authentication users.
[Device] mac-authentication user-name-format fixed account aaa password simple 123456
# Enable MAC authentication globally.
118
Advertisement
Table of Contents
Troubleshooting
