Local MAC authentication configuration example

Network requirements

As shown in Figure 33, perform local MAC authentication on port GigabitEthernet 1/0/1 to control Internet access. Make sure:

Figure 33: Network diagram

Configuration procedure

# Add a local user account, and set both the username and password to 00-e0-fc-12-34-56, the MAC address of the user host.

<Device> system-view
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56

# Enable LAN access service for the account.

[Device-luser-00-e0-fc-12-34-56] service-type lan-access
[Device-luser-00-e0-fc-12-34-56] quit

# Configure ISP domain aabbcc.net to perform local authentication for LAN access users.

[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication lan-access local
[Device-isp-aabbcc.net] quit

# Enable MAC authentication globally.

[Device] mac-authentication

# Enable MAC authentication on port GigabitEthernet 1/0/1.

[Device] mac-authentication interface gigabitethernet 1/0/1

# Specify the ISP domain for MAC authentication.

[Device] mac-authentication domain aabbcc.net

# Set the MAC authentication timers.

[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180

# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and passwords are hyphenated and in lower case.

[Device] mac-authentication user-name-format mac-address with-hyphen lowercase

Verifying the configuration

# Display MAC authentication settings and statistics.

<Device> display mac-authentication
MAC address authentication is enabled.
 User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx
 Fixed username:mac
 Fixed password:not configured
          Offline detect period is 180s
          Quiet period is 180s.
          Server response timeout value is 100s
          The max allowed user number is 2048 per slot
          Current user number amounts to 1
          Current domain is aabbcc.net
Silent Mac User info:
          MAC Addr         From Port                    Port Index
Gigabitethernet1/0/1 is link-up
  MAC address authentication is enabled
  Authenticate success: 1, failed: 0
 Max number of on-line users is 2048
  Current online user number is 1
          MAC Addr         Authenticate state           Auth Index
          00e0-fc12-3456   MAC_AUTHENTICATOR_SUCCESS     29

# After the user passes authentication, use the display connection command to display the online user information.

<Device> display connection
Slot:  1
Index=29  ,Username=00-e0-fc-12-34-56@aabbcc.net
 IP=N/A
 IPv6=N/A
 MAC=00e0-fc12-3456

 Total 1 connection(s) matched on slot 1.
 Total 1 connection(s) matched.
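
The following Python check is an added example, not part of the original manual. It parses the two display outputs above and confirms the timers, the ISP domain, and that each online user's username is its MAC address in the with-hyphen lowercase format. The function names and the trimmed output excerpts are constructed for this example.

```python
import re

# Excerpts of the command output shown on this page (trimmed to the parsed fields).
MAC_AUTH_OUTPUT = """\
          Offline detect period is 180s
          Quiet period is 180s.
          Current domain is aabbcc.net
          MAC Addr         Authenticate state           Auth Index
          00e0-fc12-3456   MAC_AUTHENTICATOR_SUCCESS     29
"""
CONNECTION_OUTPUT = """\
Index=29  ,Username=00-e0-fc-12-34-56@aabbcc.net
 IP=N/A
 IPv6=N/A
 MAC=00e0-fc12-3456
"""
STATE_ROW = re.compile(r"^\s*((?:[0-9a-f]{4}-){2}[0-9a-f]{4})\s+(\S+)\s+\d+\s*$", re.M)

def account_name(mac):
    """Convert any MAC notation to the with-hyphen lowercase account name."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_mac_auth(text):
    """Extract the timers, the ISP domain and the per-MAC authentication state."""
    grab = lambda pattern: re.search(pattern, text).group(1)
    return {
        "offline_detect": int(grab(r"Offline detect period is (\d+)s")),
        "quiet": int(grab(r"Quiet period is (\d+)s")),
        "domain": grab(r"Current domain is (\S+)"),
        "states": dict(STATE_ROW.findall(text)),
    }

def check(mac_auth_text, conn_text, expected_timer=180):
    """Return mismatches between the two outputs and the intended configuration."""
    cfg, problems = parse_mac_auth(mac_auth_text), []
    for key in ("offline_detect", "quiet"):
        if cfg[key] != expected_timer:
            problems.append(f"{key} timer is {cfg[key]}s, expected {expected_timer}s")
    sessions = re.findall(r"Username=(\S+)\s+IP=\S+\s+IPv6=\S+\s+MAC=(\S+)", conn_text)
    for username, mac in sessions:
        want = f"{account_name(mac)}@{cfg['domain']}"
        if username != want:
            problems.append(f"{mac}: username {username}, expected {want}")
        if cfg["states"].get(mac) != "MAC_AUTHENTICATOR_SUCCESS":
            problems.append(f"{mac}: online but not in the success state")
    return problems
```

An empty list from check(MAC_AUTH_OUTPUT, CONNECTION_OUTPUT) means the captured output matches the configuration in this example.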