H3C Technologies H3C S7500E Series Switches User Manual

7-8

The RADIUS server and the device must be reachable to each other and an account with the

username aaa and password 123456 must be configured on the server.

1) Configure RADIUS-based MAC authentication on the device

# Configure a RADIUS scheme.

system-view

[Device] radius scheme 2000

[Device-radius-2000] primary authentication 10.1.1.1 1812

[Device-radius-2000] primary accounting 10.1.1.2 1813

[Device-radius-2000] key authentication abc

[Device-radius-2000] key accounting abc

[Device-radius-2000] user-name-format without-domain

[Device-radius-2000] quit

# Specify the AAA schemes for the ISP domain.

[Device] domain 2000

[Device-isp-2000] authentication default radius-scheme 2000

[Device-isp-2000] authorization default radius-scheme 2000

[Device-isp-2000] accounting default radius-scheme 2000

[Device-isp-2000] quit

# Enable MAC authentication globally.

[Device] mac-authentication

# Enable MAC authentication for port GigabitEthernet 2/0/1.

[Device] mac-authentication interface gigabitethernet 2/0/1

# Specify the ISP domain for MAC authentication.

[Device] mac-authentication domain 2000

# Set the MAC authentication timers.

[Device] mac-authentication timer offline-detect 180

[Device] mac-authentication timer quiet 180

# Specify username aaa and password 123456 for MAC authentication of all users.

[Device] mac-authentication user-name-format fixed account aaa password simple 123456

2) Verify the configuration

# Display MAC authentication information.

display mac-authentication

MAC address authentication is enabled.

User name format is fixed account

Fixed username:aaa

Fixed password:123456

Offline detect period is 180s

Quiet period is 180s.

Server response timeout value is 100s

The max allowed user number is 1024 per slot

Current user number amounts to 1

Current domain is 2000

Silent Mac User info: