[Sysname] mac-authentication timer offline-detect 180
[Sysname] mac-authentication timer quiet 3
[Sysname] mac-authentication user-name-format fixed account aaa password simple 123456
RADIUS-Based MAC
Authentication
Configuration Example
[Sysname] domain aabbcc.net
[Sysname-isp-aabbcc.net] authentication lan-access local
[Sysname-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Sysname] mac-authentication
# Enable MAC authentication for port GigabitEthernet 1/0/1.
[Sysname] mac-authentication interface GigabitEthernet 1/0/1
# Specify the ISP domain for MAC authentication.
[Sysname] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
1 Verify the configuration
# Display global MAC authentication information.
<Sysname> display mac-authentication
MAC address authentication is Enabled.
User name format is fixed account
Fixed username:aaa
Fixed password:123456
Offline detect period is 180s
Quiet period is 60s.
Server response timeout value is 100s
The max allowed user number is 1024 per slot
Current user number amounts to 1
Current domain is aabbcc.net
Silent Mac User info:
MAC ADDR
GigabitGigabitEthernet1/0/1 is link-up
MAC address authentication is Enabled
Authenticate success: 1, failed: 0
Current online user number is 1
MAC ADDR
00e0-fc12-3456
Network requirements
As illustrated in Figure 225, a host is connected to the device through port
GigabitEthernet 1/0/1. The device authenticates the host through the RADIUS
server.
MAC authentication is required on every port to control user access to the
■
Internet.
Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
■
MAC Authentication Configuration Examples
From Port
Authenticate state
MAC_AUTHENTICATOR_SUCCESS
743
Port Index
AuthIndex
29