Download  Print this page

Radius-based Mac Authentication Configuration Example - HP A5830 Series Configuration Manual

Security switch.
Hide thumbs


RADIUS-based MAC authentication configuration example

Network requirements
As shown in
uses RADIUS servers for authentication, authorization, and accounting.
Perform MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Make sure that:
The device detects whether a user has gone offline every 180 seconds. If a user fails
authentication, the device does not authenticate the user within 180 seconds.
All MAC authentication users belong to ISP domain 2000 and share the user account aaa with
password 123456.
Figure 38 RADIUS-based MAC authentication
Configuration procedure
Make sure that the RADIUS server and the access device can reach each other. Create a shared
account for MAC authentication users on the RADIUS server, and set the username aaa and password
123456 for the account.
Configure RADIUS-based MAC authentication on the device.
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 1812
[Device-radius-2000] primary accounting 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
# Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, and accounting.
[Device] domain 2000
[Device-isp-2000] authentication default radius-scheme 2000
[Device-isp-2000] authorization default radius-scheme 2000
[Device-isp-2000] accounting default radius-scheme 2000
[Device-isp-2000] quit
38, a host connects to port GigabitEthernet 1/0/1 on the access device. The device
RADIUS servers
IP network


Table of Contents

Comments to this Manuals

Symbols: 0
Latest comments: