You can configure MAC authentication for ports first. However, the configuration takes effect only
after you enable MAC authentication globally.
Enabling MAC authentication on a port is mutually exclusive with adding the port to an aggregation
group and adding the port to a service loopback group.
For details about the default ISP domain, refer to AAA Configuration in the Security Volume.
Displaying and Maintaining MAC Authentication
To do...
Display the global MAC
authentication information or the
MAC authentication information
about specified ports
Clear the MAC authentication
statistics
MAC Authentication Configuration Examples
Local MAC Authentication Configuration Example
Network requirements
As illustrated in
Local MAC authentication is required on every port to control user access to the Internet.
All users belong to domain aabbcc.net.
Local users use their MAC addresses as the usernames and passwords for authentication.
Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
Figure 1-1 Network diagram for local MAC authentication
Configuration procedure
1)
Configure MAC authentication on the device
# Add a local user, setting the username and password as 00-e0-fc-12-34-56, the MAC address of the
user.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access
Figure
1-1, a supplicant is connected to the device through port GigabitEthernet 1/0/1.
Use the command...
display mac-authentication
[ interface interface-list ]
reset mac-authentication
statistics [ interface interface-list ]
1-4
Remarks
Available in any view
Available in user view