[Sysname-acl-adv-3000] quit
2. Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
[Sysname] radius scheme 2000
[Sysname-radius-2000] primary authentication 10.1.1.1 1812
[Sysname-radius-2000] primary accounting 10.1.1.2 1813
[Sysname-radius-2000] key authentication simple abc
[Sysname-radius-2000] key accounting simple abc
[Sysname-radius-2000] user-name-format without-domain
[Sysname-radius-2000] quit
# Apply RADIUS scheme 2000 to ISP domain 2000 for authentication, authorization, and accounting.
[Sysname] domain 2000
[Sysname-isp-2000] authentication default radius-scheme 2000
[Sysname-isp-2000] authorization default radius-scheme 2000
[Sysname-isp-2000] accounting default radius-scheme 2000
[Sysname-isp-2000] quit
# Specify the ISP domain for MAC authentication.
[Sysname] mac-authentication domain 2000
# Configure the device to use MAC-based user accounts. Each MAC address is in the
hexadecimal notation with hyphens, and letters are in lower case.
[Sysname] mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable MAC authentication on port Ten-GigabitEthernet 1/0/1.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-authentication
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Enable MAC authentication globally.
[Sysname] mac-authentication
3. Configure the RADIUS servers:
# Add a user account with 00-e0-fc-12-34-56 as both the username and password on each RADIUS server. (Details not shown.)
# Authorize ACL 3000 to the user account. (Details not shown.)
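The account name on the RADIUS server must match byte for byte the string the device sends under `mac-authentication user-name-format mac-address with-hyphen lowercase`. The Python below is an added example, not part of the original guide: it normalizes inventory MAC addresses written in other notations to that format and rejects entries that can never authenticate. The function names, the FreeRADIUS `users` file syntax, and the use of `Filter-Id` to carry the ACL number are assumptions; the sample inventory is constructed.

```python
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def mac_auth_username(mac: str) -> str:
    """Return the username the device sends for this MAC when configured with
    'user-name-format mac-address with-hyphen lowercase' (xx-xx-xx-xx-xx-xx)."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()   # accept ':', '-', '.' notations
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) addresses are never a valid client source MAC.
        raise ValueError(f"group address cannot be a client MAC: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def freeradius_entry(mac: str, acl: int) -> str:
    """Render one 'users' file entry.
    Assumptions: the server is FreeRADIUS and the ACL number is returned in Filter-Id."""
    name = mac_auth_username(mac)
    # MAC-based accounts use the same string as username and password.
    return f'{name} Cleartext-Password := "{name}"\n\tFilter-Id = "{acl}"\n'


def build_users(inventory, acl=3000):
    """Return (entries, rejected); duplicates in different notations collapse to one."""
    entries, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            name = mac_auth_username(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if name not in seen:
            seen.add(name)
            entries.append(freeradius_entry(raw, acl))
    return entries, rejected


# Constructed sample inventory: one host in two notations, one truncated
# address, and the broadcast address.
SAMPLE = ["00E0.FC12.3456", "00:e0:fc:12:34:56", "00-E0-FC-12-34", "ff-ff-ff-ff-ff-ff"]

if __name__ == "__main__":
    ok, bad = build_users(SAMPLE)
    print("".join(ok), end="")
    for raw, why in bad:
        print(f"# rejected {raw}: {why}")
```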
Verifying the configuration
# Verify the MAC authentication configuration.
[Sysname] display mac-authentication
Global MAC authentication parameters:
MAC authentication : Enabled
Username format : MAC address in lowercase(xx-xx-xx-xx-xx-xx)
Username : mac
Password : Not configured
Offline detect period : 180 s
Quiet period : 180 s
Server timeout : 100 s
Authentication domain : 2000
Max MAC-auth users : 4294967295 per slot
Online MAC-auth users : 1