# Enable MAC authentication for port GigabitEthernet 1/0/1.
[Device] mac-authentication interface GigabitEthernet 1/0/1
# Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain 2000
# Set the MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
# Specify to use the username aaa and password 123456 for MAC authentication of all users.
[Device] mac-authentication user-name-format fixed account aaa password simple 123456
Verify the configuration
# Display global MAC authentication information.
<Device> display mac-authentication
MAC address authentication is enabled.
User name format is fixed account
Offline detect period is 180s
Quiet period is 180s.
Server response timeout value is 100s
The max allowed user number is 1024 per slot
Current user number amounts to 1
Current domain is 2000
Silent Mac User info:
GigabitEthernet1/0/1 is link-up
MAC address authentication is enabled
Authenticate success: 1, failed: 0
Current online user number is 1
ACL Assignment Configuration Example
As shown in
MAC authentication to access the Internet.
Specify to use the MAC address of a user as the username and password for MAC authentication
of the user.
Configure the RADIUS server to assign ACL 3000.
On port GigabitEthernet 1/0/1 of the switch, enable MAC authentication and configure ACL 3000.
After the host passes MAC authentication, the RADIUS server assigns ACL 3000 to port
GigabitEthernet 1/0/1 of the switch. As a result, the host can access the Internet but cannot access the
FTP server, whose IP address is 10.0.0.1.
1-3, a host is connected to port GigabitEthernet 1/0/1 of the switch and must pass