beautypg.com

Sample mac authentication configuration – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1218

background image

AAA Introduction and Configuration

Software Reference for x310 Series Switches

44.8

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Sample MAC Authentication Configuration

See the below sample configuration script for a sample MAC authentication configuration.
Copy, paste, and edit the sample MAC authentication configuration in the config file.
See the

edit

command in the

Chapter 7, File Management Commands

for further

information.

Output

The MAC authentication feature needs the

aaa authentication auth-mac

and the

auth-

mac enable

commands configured on an interface. See

Chapter 45, AAA Commands

and

Chapter 43, Authentication Commands

for command information to edit this

configuration.

The local RADIUS Server has been configured to use MAC authentication in this sample
configuration. See the

radius-server local

and

server enable

commands in

Chapter 51,

Local RADIUS Server Commands

for command information to edit this sample

configuration.

See the

user (RADIUS server)

command in

Chapter 51, Local RADIUS Server

Commands

for command information to edit the MAC address of the supplicant for use

with local RADIUS server as the RADIUS user name and the user password, as shown in the
above configuration.

This configuration enables MAC authentication on vlan1 with IP address
192.168.1.120

. Change the interface VLAN ID, MAC, and IP addresses as needed in

your configuration.

Figure 44-2: Sample MAC Authentication Configuration

!
radius-server host 127.0.0.1 key awplus-local-radius-server
!
aaa authentication auth-mac default group radius
!
radius-server local
server enable
nas 127.0.0.1 key awplus-local-radius-server
user 00-d0-59-ab-70-37 password 00-d0-59-ab-70-37
!
no spanning-tree rstp enable
!
interface port1.0.1
switchport
switchport mode access
auth-mac enable
!
interface vlan1
ip address 192.168.1.120/24
!