1. Authenticated user : MAC address: 0002-0000-0011
Controlled User(s) amount to 1
In addition, the port allows an additional user whose MAC address has an OUI among the specified
OUIs to access the port.
# Display MAC address information for interface Ethernet 1/0/1.
<Device> display mac-address interface ethernet 1/0/1
MAC ADDR
1234-0300-0011
---
1 mac address(es) found
Configuring the macAddressElseUserLoginSecure mode
Network requirements
As shown in
authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized to
access the Internet.
Restrict port Ethernet 1/0/1 of the Device:
Allow more than one MAC authenticated user to log on.
•
For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X
•
authentication. Allow only one 802.1X user to log on.
Use MAC-based user accounts for MAC authentication users. The MAC addresses are hyphen
•
separated and in lower case.
•
Set the total number of MAC authenticated users and 802.1X authenticated users to 64.
Enable NTK to prevent frames from being sent to unknown MAC addresses.
•
Configuration procedure
Configurations on the host and RADIUS servers are not shown.
1.
Configure the RADIUS protocol:
Configure the RADIUS authentication/accounting and ISP domain settings the same as in
"Configuring the userLoginWithOUI
2.
Configure port security:
# Enable port security.
<Device> system-view
[Device] port-security enable
# Configure the device to use hyphenated, lowercased MAC addresses of users as the usernames
and passwords for MAC authentication.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
[Device] interface ethernet 1/0/1
# Specify ISP domain sun for MAC authentication.
[Device] mac-authentication domain sun
[Device] interface ethernet 1/0/1
EAP Response/Challenge Packets: 6
Error Packets: 0
VLAN ID
STATE
1
Learned
Figure
73, a client is connected to the Device through Ethernet 1/0/1. The Device
PORT INDEX
Ethernet1/0/1
---
mode."
214
AGING TIME(s)
AGING