Local MAC authentication configuration example
Network requirements
In the network in Figure 32, perform local MAC authentication on port Ethernet 1/0/1 to control Internet access. Make sure that:
All users belong to domain aabbcc.net.
Local users use their MAC address as the username and password for MAC authentication. The MAC addresses are hyphen-separated and in lowercase.
The access device checks every 180 seconds whether a user has gone offline. After a user fails authentication, the device does not authenticate that user again for 180 seconds.
Figure 32: Network diagram
Configuration procedure
# Add a local user account, set both the username and password to 00-e0-fc-12-34-56, the MAC address of the user host, and enable LAN access service for the account.
<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-00-e0-fc-12-34-56] quit
# Configure ISP domain aabbcc.net to perform local authentication for LAN access users.
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Device] mac-authentication
# Enable MAC authentication on port Ethernet 1/0/1.
[Device] mac-authentication interface ethernet 1/0/1
# Specify the ISP domain for MAC authentication.
[Device] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and passwords are hyphenated and in lowercase.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
Verifying the configuration
# Display MAC authentication settings and statistics.
<Device> display mac-authentication
MAC address authentication is enabled.
 User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx
 Fixed username:mac
 Fixed password:not configured
          Offline detect period is 180s
          Quiet period is 180s.
          Server response timeout value is 100s
          The max allowed user number is 2048 per slot
          Current user number amounts to 1
          Current domain is aabbcc.net
Silent Mac User info:
          MAC Addr         From Port           Port Index
Ethernet1/0/1 is link-up
  MAC address authentication is enabled
  Authenticate success: 1, failed: 0
  Max number of on-line users is 2048
  Current online user number is 1
    MAC Addr         Authenticate state           Auth Index
    00e0-fc12-3456   MAC_AUTHENTICATOR_SUCCESS    29
# After the user passes authentication, use the display connection command to display the online user information.
<Device> display connection
Slot: 1
Index=29 ,Username=00-e0-fc-12-34-56@aabbcc.net
IP=N/A
IPv6=N/A
MAC=00e0-fc12-3456
Total 1 connection(s) matched on slot 1.
Total 1 connection(s) matched.
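The following Python script is an added example, not part of the original configuration guide: it normalizes MAC addresses from an inventory to the hyphenated lowercase account format configured above, builds the local-user commands from the procedure, and checks display connection output for sessions whose username does not match the session MAC or the domain. The function names and the second session in the sample output are constructed for illustration.

```python
import re

DOMAIN = "aabbcc.net"  # ISP domain configured on the page

def normalize_mac(raw):
    """Convert any common MAC notation to xx-xx-xx-xx-xx-xx, lowercase."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def local_user_commands(raw_mac):
    """Commands from the procedure above for one host's local account."""
    name = normalize_mac(raw_mac)
    return [f"local-user {name}", f"password simple {name}",
            "service-type lan-access", "quit"]

def audit_connections(output, domain=DOMAIN):
    """Return (username, mac, ok) for each session in 'display connection'.

    ok is False when the domain differs or the username is not the
    session MAC in the configured account format.
    """
    results = []
    for block in output.split("Index=")[1:]:
        user = re.search(r"Username=([^@\s]+)@(\S+)", block)
        mac = re.search(r"MAC=([0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4})", block)
        if not (user and mac):
            continue  # entry without user@domain or a device-format MAC
        ok = user[2] == domain and user[1] == normalize_mac(mac[1])
        results.append((user[1], mac[1], ok))
    return results

# First session is the page's output; the second is constructed.
SAMPLE = """\
Index=29 ,Username=00-e0-fc-12-34-56@aabbcc.net
IP=N/A
IPv6=N/A
MAC=00e0-fc12-3456
Index=30 ,Username=00-e0-fc-12-34-57@aabbcc.net
IP=N/A
IPv6=N/A
MAC=00e0-fc12-9999
"""

if __name__ == "__main__":
    print("\n".join(local_user_commands("00:E0:FC:12:34:56")))
    for username, mac, ok in audit_connections(SAMPLE):
        print(username, mac, "ok" if ok else "MISMATCH")
```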