Mac authentication configuration examples, Local mac authentication configuration example, Network requirements – H3C Technologies H3C S6300 Series Switches User Manual

85

MAC authentication configuration examples

Local MAC authentication configuration example

Network requirements

As shown in

Figure 31

, configure local MAC authentication on Ten-GigabitEthernet 1/0/1 to control

Internet access of users on the hosts, as follows:

•

Configure the device to detect whether a user has gone offline every 180 seconds, and if a user fails
authentication, deny the user for 180 seconds.

•

Configure all users to belong to the ISP domain bbb, and specify local authentication for users in the
domain.

•

Use the MAC address of each user as the username and password for authentication, and require
the MAC addresses be hyphenated and in lower case.

Figure 31 Network diagram

Configuration procedure

# Add a network access local user. In this example, configure both the username and password as Host
A's MAC address 00-e0-fc-12-34-56.

system-view

[Device] local-user 00-e0-fc-12-34-56 class network

[Device-luser-network-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56

# Specify the LAN access service for the user.

[Device-luser-network-00-e0-fc-12-34-56] service-type lan-access

[Device-luser-network-00-e0-fc-12-34-56] quit

# Configure ISP domain bbb to perform local authentication for LAN users.

[Device] domain bbb

[Device-isp-bbb] authentication lan-access local

[Device-isp-bbb] quit

# Enable MAC authentication on port Ten-GigabitEthernet 1/0/1.

[Device] interface ten-gigabitethernet 1/0/1

[Device-Ten-GigabitEthernet1/0/1] mac-authentication

[Device-Ten-GigabitEthernet1/0/1] quit

# Specify the MAC authentication domain as the ISP domain bbb.

[Device] mac-authentication domain bbb

# Configure MAC authentication timers.

[Device] mac-authentication timer offline-detect 180