Local mac authentication configuration example, Network requirements, Configuring a local user – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 301: Creating an isp domain
288
Item Description
Enable MAC VLAN
Select the check box to enable MAC-based VLAN on the port.
NOTE:
You can enable MAC authentication only on hybrid ports.
Auth-Fail VLAN
Specify a VLAN as the Auth-Fail VLAN.
IMPORTANT:
•
The Auth-Fail VLAN function has higher priority than the quiet function of
MAC authentication. A user can access any resources.
•
The MAC authentication Auth-Fail VLAN function has higher priority than
the block MAC action but lower priority than the shut down port action of
the port intrusion protection feature. For more information about port
intrusion protection, see the chapter
Local MAC authentication configuration example
Network requirements
As shown in
, perform local MAC authentication on port GigabitEthernet 2/01 to control
Internet access. Ensure the following:
•
All users belong to the domain aabbcc.net.
•
Local users use their MAC addresses as the username and password for MAC authentication. The
MAC addresses are hyphenated and in lower case.
•
The access device detects whether a user has gone offline every 180 seconds. When a user fails
authentication, the device does not authenticate the user within 180 seconds.
Figure 262 Network diagram
Configuring a local user
Add a local user, setting the username and password as 00-e0-fc-12-34-56, the MAC address of the user,
and the service type to LAN access. (Details not shown)
Creating an ISP domain
1.
From the navigation tree, select Authentication > AAA.
The Domain Setup page appears.
2.
Type aabbcc.net as the domain name, and click Apply.