H3C Technologies H3C S12500-X Series Switches User Manual
Page 98
86
# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and
passwords are hyphenated and in lower case.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
418B
Verifying the configuration
# Display MAC authentication settings and statistics.
<Device> display mac-authentication
MAC authentication is enabled
User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx
Fixed username: mac
Fixed password: Not configured
Offline detect period is 180s
Quiet period is 180s
Server response timeout value is 100s
Max number of users is 2048 per slot
Current number of online users is 1
Current authentication domain is aabbcc
Silent MAC user info:
MAC Addr VLAN ID From Port Port Index
Ten-GigabitEthernet1/0/1 is link-up
MAC authentication is enabled
Max number of online users is 1024
Current number of online users is 1
Current authentication domain: Not configured
MAC auth-delay is disabled
Authentication attempts: successful 1, failed 0
MAC Addr Auth state
00e0-fc12-3456 authenticated
202B
RADIUS-based MAC authentication configuration example
419B
Network requirements
As shown in
790H
Figure 33
, a host is connected to port Ten-GigabitEthernet 1/0/1 of the device. The device
uses RADIUS servers for authentication, authorization, and accounting.
To control user access to the Internet, configure MAC authentication on port Ten-GigabitEthernet 1/0/1,
as follows:
•
Configure the device to detect whether a user has gone offline every 180 seconds, and if a user fails
authentication, deny the user for 180 seconds.
•
Configure all users to belong to the ISP domain 2000.
•
Use a shared user account for all users, with the username aaa and password 123456.