Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

7-6

Figure 7-1 Network diagram for local MAC authentication

Configuration procedure

1) Configure local MAC authentication on the device

# Add a local user, set both the username and password to 00-e0-fc-12-34-56, the MAC address of

the user host, and specify the service type for the local user as LAN access.

system-view

[Device] local-user 00-e0-fc-12-34-56

[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56

[Device-luser-00-e0-fc-12-34-56] service-type lan-access

[Device-luser-00-e0-fc-12-34-56] quit

# Configure ISP domain aabbcc.net, and specify that the users in the domain use local

authentication.

[Device] domain aabbcc.net

[Device-isp-aabbcc.net] authentication lan-access local

[Device-isp-aabbcc.net] quit

# Enable MAC authentication globally.

[Device] mac-authentication

# Enable MAC authentication for port GigabitEthernet 2/0/1.

[Device] mac-authentication interface gigabitethernet 2/0/1

# Specify the ISP domain for MAC authentication.

[Device] mac-authentication domain aabbcc.net

# Set the MAC authentication timers.

[Device] mac-authentication timer offline-detect 180

[Device] mac-authentication timer quiet 180

# Configure the device to use a user’s MAC address as the username and password for MAC

authentication, where the MAC address is with hyphens and in lowercase.

[Device] mac-authentication user-name-format mac-address with-hyphen lowercase

2) Verify the configuration

# Display MAC authentication information.

display mac-authentication

MAC address authentication is enabled.

User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx

Fixed username:mac

Fixed password:not configured

Offline detect period is 180s

Quiet period is 180s.

Server response timeout value is 100s

The max allowed user number is 1024 per slot

Current user number amounts to 1

Current domain is aabbcc.net