Radius-Based Mac Authentication Example - 3Com MSR 50 Series Configuration Manual

RADIUS-Based MAC
Authentication Example
# Configure ISP domain aabbcc.net, and specify to perform local authentication.
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Device] mac-authentication
# Enable MAC authentication for port GigabitEthernet 1/1.
[Device] mac-authentication interface gigabitethernet 1/1
# Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
[Device] mac-authentication user-name-format fixed account aaa passw
ord simple 123456
2 After completing the above configurations, you can use the display
mac-authentication command to verify your configuration
# Display global MAC authentication information.
<Device> display mac-authentication
MAC address authentication is Enabled.
User name format is fixed account
Fixed username:aaa
Fixed password:123456
Offline detect period is 180s
Quiet period is 180s.
Server response timeout value is 100s
The max allowed user number is 1024 per slot
Current user number amounts to 1
Current domain is aabbcc.net
Silent Mac User info:
MAC ADDR
Gigabitethernet1/1 is link-up
MAC address authentication is Enabled
Authenticate success: 1, failed: 0
Current online user number is 1
MAC ADDR
00e0-fc12-3456
Network requirements
As shown in Figure 525, a host connects to the device through port
GigabitEthernet 1/1, and the device authenticates the host through the RADIUS
server.
MAC authentication is required on every port to control user access to the
■
Internet.
MAC Authentication Configuration Examples
From Port
Authenticate state
MAC_AUTHENTICATOR_SUCCESS
1807
Port Index
AuthIndex
29