Table of Contents
Advertisement
Host mode
Offline detection
Max online users
Authentication attempts
Current online users
MAC address
00e0-fc12-3456
The output shows that Host A has passed MAC authentication and has come online. Host B failed
MAC authentication and its MAC address is marked as a silent MAC address.
Example: Configuring RADIUS-based MAC authentication
Network configuration
As shown in
and accounting for users.
To control user access to the Internet by MAC authentication, perform the following tasks:
•
Enable MAC authentication globally and on GigabitEthernet 1/0/1.
•
Configure the device to detect whether a user has gone offline every 180 seconds.
•
Configure the device to deny a user for 180 seconds if the user fails MAC authentication.
•
Configure all users to belong to ISP domain bbb.
•
Use a shared user account for all users, with username aaa and password 123456.
Figure 70 Network diagram
Procedure
1.
Make sure the RADIUS server and the access device can reach each other. (Details not
shown.)
2.
Configure the RADIUS servers:
# Create a shared account for MAC authentication users. (Details not shown.)
# Set username aaa and password 123456 for the account. (Details not shown.)
3.
Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
: Single VLAN
: Enabled
: 4294967295
: successful 1, failed 0
: 1
Auth state
Authenticated
Figure
70, the device uses RADIUS servers to perform authentication, authorization,
225
Advertisement
Table of Contents
Troubleshooting
