Guest VLAN auth-period
Critical VLAN
Host mode
Offline detection
Max online users
Authentication attempts
Current online users
Example: Configuring ACL assignment for MAC
authentication
Network configuration
As shown in
•
Use RADIUS servers to perform authentication, authorization, and accounting for users.
•
Perform MAC authentication on GigabitEthernet 1/0/1 to control Internet access.
•
Use MAC-based user accounts for MAC authentication users. Each MAC address is in the
hexadecimal notation with hyphens, and letters are in lower case.
•
Use an ACL to deny authenticated users to access the FTP server at 10.0.0.1.
Figure 71 Network diagram
Procedure
Make sure the RADIUS servers and the access device can reach each other.
1.
Configure ACL 3000 to deny packets destined for 10.0.0.1.
<Device> system-view
[Device] acl advanced 3000
[Device-acl-ipv4-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Device-acl-ipv4-adv-3000] quit
2.
Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
MAC address
Auth state
00e0-fc12-3456
Authenticated
Figure
71, configure the device to meet the following requirements:
: 30 s
: Not configured
: Single VLAN
: Enabled
: 4294967295
: successful 1, failed 0
: 1
227