Mac authentication configuration example, Network requirements, Network diagram – H3C Technologies H3C S3100 Series Switches User Manual

1-8

MAC Authentication Configuration Example

Network requirements

As illustrated in

Figure 1-1

, a supplicant is connected to the switch through port Ethernet 1/0/2.

z

MAC authentication is required on port Ethernet 1/0/2 to control user access to the Internet.

z

All users belong to domain aabbcc.net. The authentication performed is locally and the MAC

address of the PC (00-0d-88-f6-44-c1) is used as both the user name and password.

Network Diagram

Figure 1-1 Network diagram for MAC authentication configuration

IP network

Host
MAC: 00-0d-88-f6-44-c1

Switch

Eth1/0/2

Configuration Procedure

# Enable MAC authentication on port Ethernet 1/0/2.

<Sysname> system-view

[Sysname] mac-authentication interface Ethernet 1/0/2

# Set the user name in MAC address mode for MAC authentication, requiring hyphened lowercase

MAC addresses as the usernames and passwords.

[Sysname] mac-authentication authmode usernameasmacaddress usernameformat with-hyphen

lowercase

# Add a local user.

z

Specify the user name and password.

[Sysname] local-user 00-0d-88-f6-44-c1

[Sysname-luser-00-0d-88-f6-44-c1] password simple 00-0d-88-f6-44-c1

z

Set the service type to “lan-access”.

[Sysname-luser-00-0d-88-f6-44-c1] service-type lan-access

[Sysname-luser-00-0d-88-f6-44-c1] quit

# Add an ISP domain named aabbcc.net.

[Sysname] domain aabbcc.net

New Domain added.

# Specify to perform local authentication.

[Sysname-isp-aabbcc.net] scheme local

[Sysname-isp-aabbcc.net] quit

# Specify aabbcc.net as the ISP domain for MAC authentication

[Sysname] mac-authentication domain aabbcc.net

# Enable MAC authentication globally (This is usually the last step in configuring access control related

features. Otherwise, a user may be denied of access to the networks because of incomplete

configuaration.)

[Sysname] mac-authentication