ACL assignment configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual
MAC ADDR From Port Port Index
GigabitEthernet2/0/1 is link-up
MAC address authentication is enabled
Authenticate success: 1, failed: 0
Max number of on-line users is 1024
Current online user number is 1
MAC Addr Authenticate state Auth Index
00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29
# After the user passes authentication, you can use the display connection command to display the
online user information:
Slot: 2
Index=29 ,Username=aaa@2000
IP=N/A
MAC=00e0-fc12-3456
Total 1 connection(s) matched on slot 2.
Total 1 connection(s) matched.
ACL Assignment Configuration Example
Network requirements
As shown in Figure 7-3, a host is connected to port GigabitEthernet 2/0/1 of the device, and the device
performs authentication, authorization, and accounting for users through the RADIUS servers. An FTP
server whose IP address is 10.0.0.1 is on the Internet.
The network requirements are:
- The device performs RADIUS-based MAC authentication for users on port GigabitEthernet 2/0/1
  to control their access to the Internet. The device uses a user’s MAC address with hyphens and in
  lower case as the username and password for authentication.
- After a user passes MAC authentication, the user can access the Internet resources except the
  FTP server.
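Because the device sends the MAC address as both username and password, a RADIUS account stored in any other notation will not match. The following Python sketch is an added example, not part of the H3C manual: it converts the MACs in the display output above to the username the device sends and audits a RADIUS account list. It assumes "with hyphens and in lower case" means xx-xx-xx-xx-xx-xx; the function names and the account list are constructed for illustration.

```python
import re

# Assumption: "with hyphens and in lower case" means xx-xx-xx-xx-xx-xx.
SEPARATORS = re.compile(r"[-:.]")
# One row of the "MAC Addr / Authenticate state / Auth Index" table.
ROW = re.compile(r"^\s*((?:[0-9A-Fa-f]{4}-){2}[0-9A-Fa-f]{4})\s+(\S+)\s+(\d+)\s*$")

def radius_username(mac):
    """Normalise a MAC in any common notation to the assumed username form."""
    digits = SEPARATORS.sub("", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_auth_table(output):
    """Return (username, state, auth_index) for each MAC row in the output."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((radius_username(m.group(1)), m.group(2), int(m.group(3))))
    return rows

def audit_accounts(accounts):
    """Map each RADIUS account the device's requests cannot match to a reason."""
    problems = {}
    for user, password in accounts.items():
        try:
            expected = radius_username(user)
        except ValueError:
            problems[user] = "not a MAC address"
            continue
        if user != expected:
            problems[user] = f"wrong notation, expected {expected}"
        elif password != user:
            problems[user] = "password differs from username"
    return problems

# Rows copied from the display output on this page.
SAMPLE_OUTPUT = """MAC Addr Authenticate state Auth Index
00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29
"""
# Constructed RADIUS account list (username -> password), not from the page.
SAMPLE_ACCOUNTS = {
    "00-e0-fc-12-34-56": "00-e0-fc-12-34-56",  # matches what the device sends
    "00E0-FC12-3457": "00E0-FC12-3457",        # wrong notation and case
    "00-e0-fc-12-34-58": "secret",             # password is not the MAC
}

if __name__ == "__main__":
    print(parse_auth_table(SAMPLE_OUTPUT), audit_accounts(SAMPLE_ACCOUNTS))
```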
Figure 7-3 Network diagram for ACL assignment
[Diagram labels: Host (192.168.1.10), Device (port GE2/0/1), Internet, FTP server (10.0.0.1), RADIUS servers (Auth: 10.1.1.1, Acct: 10.1.1.2)]
Configuration procedure