Table of Contents
Advertisement
[Device-radius-2000] key accounting simple abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
# Apply the RADIUS scheme to an ISP domain for authentication, authorization, and
accounting.
[Device] domain bbb
[Device-isp-bbb] authentication default radius-scheme 2000
[Device-isp-bbb] authorization default radius-scheme 2000
[Device-isp-bbb] accounting default radius-scheme 2000
[Device-isp-bbb] quit
# Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain bbb
# Configure the device to use MAC-based user accounts. Each MAC address is in the
hexadecimal notation with hyphens, and letters are in lower case.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable MAC authentication on GigabitEthernet 1/0/1.
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] mac-authentication
[Device-GigabitEthernet1/0/1] quit
# Enable MAC authentication globally.
[Device] mac-authentication
3.
Configure the RADIUS servers:
# Add a user account with 00-e0-fc-12-34-56 as both the username and password on each
RADIUS server. (Details not shown.)
# Specify ACL 3000 as the authorization ACL for the user account. (Details not shown.)
Verifying the configuration
# Verify the MAC authentication configuration.
[Device] display mac-authentication
Global MAC authentication parameters:
MAC authentication
Username format
Offline detect period
Quiet period
Server timeout
Authentication domain
Online MAC-auth users
Silent MAC users:
MAC address
GigabitEthernet1/0/1
MAC authentication
Carry User-IP
Authentication domain
Auth-delay timer
Re-auth server-unreachable : Logoff
: Enabled
: MAC address in lowercase(xx-xx-xx-xx-xx-xx)
Username
: mac
Password
: Not configured
: 300 s
: 60 s
: 100 s
: bbb
: 1
VLAN ID
is link-up
From port
: Enabled
: Disabled
: Not configured
: Disabled
228
Port index
Advertisement
Table of Contents
Troubleshooting
